Knowledgebase: Scams and Spams
Phishing attempt, claiming to be Cpanel
Posted by Roy Petersen on Jul-01-2012 01:18 PM
We've recently received a notice claiming to be from Cpanel (the control panel we use on our shared hosting servers), claiming a DNS issue. The link included in the email (www cpanel net/login) is definitely not to Cpanel (the actual link wrapped around this was removed here, but led to a very different domain, and not cpanel.NET), and is meant to alarm the recipient into thinking something needed immediate attention. Shared hosting customers don't have access to DNS settings in Cpanel, so even if this were legitimate (it isn't), there would be nothing you could do. They are simply trying to steal your Cpanel login information.
Any notices involving your hosting, DNS, email accounts FTP and so on will come directly from us.
 
This is very reminiscent of the same sort of scam involving "your email administrator" and claims of your account being over quota that had been circulating recently. That was intended to get you visit a fake login and provide all your details, which they would then use to take over your account. 
 
Here is the message received (actual domain redacted):
 
To: webmaster@<<domain.com>>
Subject: Problem with DNS setup on host-name
 
Cpanel Message Center
 
Dear Customer
Due to our security upgrade to avoid multiple logon and an unauthorized access to your online cpanel and FTP account we do require you to sign in your domain name and username and password for security check on your account and afterward we shall send a security code to your email as part of confirmation that your domain has now been properly verified and secured.
 
To process to confirm and verify your domain for this security check please click » www cpanel net/login.
Failure to confirm your domain within 2 business days may lead to suspension of your domain if we observe any unauthorized login and may lead to total removal of the domain name from our system.
 
Cpanel Management