Knowledgebase: Scams and Spams
Cpanel and FTP
Posted by Roy Petersen on Dec-22-2009 04:42 PM
We've recently come across a "phishing" scheme (phishing is a trick to get you to reveal information, in which the sender pretends to be someone they are not). The message asks you to verify your FTP (File Transfer Protocol) usernames and passwords, and it pretends to come from your hosting company, Woollybear Web.
The subject will say something like "for <<hosting company>> web hosting user" and the message will go on to ask something like this:
Dear user of <<hosting company>>,
Due to the system maintenance, we kindly ask that you take a few minutes to confirm your FTP details.
Please confirm your FTP details by using the link below

It provides a link that looks correct, except that it has quite a bit of "session" information at the end (sessions are sometimes used to track your activity on a site, but as you haven't been there yet, that's suspicious). It's apparently this information that actually brings you to the attacker's site, which shows what looks like a real login form (see image below) for Cpanel FTP access.



This is not something we would ever contact you and ask you to do. If we contact you, we will include your name, and we will never, ever, ask you to visit a web page and give your login details, confirm settings or any of that. The same thing would hold true for email accounts, your Cpanel account or anything having to do with your account and services with Woollybear Web.
Be safe out there.
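A way to check where a link like the one described above really leads, as an added example that is not part of the original article or Woollybear Web's own tooling. It goes beyond the one case in the article by covering two common ways extra text after a familiar name changes the real destination; the domain `hosting.example` and all sample links are constructed placeholders.

```python
from urllib.parse import urlsplit

# Assumption: the domains your hosting company really uses (placeholder value).
TRUSTED_DOMAINS = {"hosting.example"}


def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return a list of findings for a link; an empty list means the
    host the browser would connect to belongs to a trusted domain."""
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix and ":port" suffix and lowercases.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return ["no-hostname"]

    findings = []
    # Text before "@" is login data, not the site, however official it looks.
    if parts.username is not None:
        findings.append("userinfo-before-@")

    # The real site is decided by the END of the hostname, not the start.
    if not any(host == d or host.endswith("." + d) for d in trusted):
        findings.append("untrusted-host:" + host)
        # The familiar name appears, but only as decoration on another domain.
        if any(d in host for d in trusted):
            findings.append("trusted-name-embedded")
    return findings


# Constructed sample links, for illustration only.
SAMPLES = [
    "https://cpanel.hosting.example/login?session=abc123",
    "http://cpanel.hosting.example.session-4f2a91c7.attacker.example/login",
    "http://cpanel.hosting.example@attacker.example/ftp",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link) or "looks like our host")
```

Only the first sample passes: a session value in the query string does not change the host, while the other two start with the familiar name but end at a different domain.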