Phishing Campaign Targets cPanel Users’ Credentials
Cybercriminals have devised a new phishing campaign with the aim of harvesting users’ cPanel credentials. Urgent security measures have helped limit the effectiveness of the malicious campaign. Nonetheless, users are advised to be on high alert.
Users have in the recent past reported phishing campaign aimed at tricking them into giving away their cPanel and WebHost Manager credentials. The campaign was floated around with the subject line ‘cPanel Urgent Update Request.’
The attackers crafted and used the most professional-looking language possible to ensure that the attack looked less suspicious or outright believable. It remains to be seen, however, the exact magnitude of the attack that had been in effect for quite some time before users raised the alarm.
To make the attack seem even more legitimate, the attackers purchased a domain, cpanel7831.com, and used the Simple Email Service from Amazon. This aided their malicious campaign, regardless of whether they achieved their targets or not.
The cpanel7831.com website was complete with a button labelled ‘Update Your cPanel and WHM Installs.’ Clicking on the button redirected you to another site that requested you to log in using your cPanel credentials. Logging into the site translated to giving away your cPanel credentials.
The site has since been taken down but all victims of the attack are advised to log into their web hosting provider and change their passwords.
cPanel provides users with a Linux-based Graphical User Interface (GUI) from whence, they can manage their website resources and server management.
The attackers explained why cPanel had not released an official statement at the bottom of their ‘security advisory.’ Here is a snippet of the message:
“The cPanel Security Team identified the resolved security issues. There is no reason to believe that these vulnerabilities have been made known to the public. As such, cPanel will only release limited information about the vulnerabilities at this time. Once sufficient time has passed, allowing cPanel & WHM systems to automatically update to the new versions, cPanel will release additional information about the nature of the security issues.”
With phishing campaign becoming more prominent and sophisticated, being ready for them will be worthwhile. You need to identify them from legitimate emails whenever they hit your inbox. But how will you do that? Well, here are 5 simple ways to identify a phishing email.
They request sensitive information
Whatever the case, legitimate companies will never ask for very sensitive information like passcodes or credit card information. Whenever you see this kind of email, always know you are being scammed, no matter how legit it may appear.
Genuine companies have clear domains
Another way of identifying a phishing email is by examining its sender domain. In most cases, scammers will try their best to imitate emails of legitimate companies like your bank or mobile service provider. Always look for anomalies like domain extensions and unclear signs and separators.
Spelling mistakes
Most phishing campaigns come with very suspect grammatical mistakes as well as punctuation. While others may fare well in this department, always be on the lookout for other signs.
Being redirected/forced to follow a website
Most phishing emails are also aimed at increasing the number of clicks on a target website. As such, you may receive an email alerting you on something. Their call to action is always to click on a button or link that will ultimately redirect you to their website. Legitimate emails and companies will never compel you to do this.
Suspicious attachments
The attachments on most phishing emails are always tailored towards causing some sort of malice to your device. Always be on the lookout.
To be safe, avoid opening and clicking on links in suspicious emails. As long as the sender is not clear or cannot be verified, you have no business finding out what they have to say.
Related; Phishing on email reigns supreme, COMODO report confirms.