Phishers Start E-mail Scam Designed for Digging cPanel Details
Security researchers are warning that Internet criminals are running a phishing e-mail campaign with an aim at duping website administrators so they would unwittingly give away their cPanel details, published softpedia.com dated February 6, 2014.
Displaying a caption "Your cPanel Account Verification," the bogus electronic mails tell that the Technical Services Division is conducting one particular software upgrade; therefore, the recipient (web admin) should login for re-validating his account. This can be done via following a given web-link viz., login.cPanel.net. The direction dispatched to each and every customer requires mandatory compliance on their part, the e-mail concludes.
But following the web-link leads onto one bogus page where end-users are directed for logging in through the already known dialogue box for cPanel login. And once the credentials are entered and submitted, a message pops up telling that the account re-confirmation has been successfully done.
Unfortunately, the login credentials land up with the cyber-criminals who utilize them for compromising the victims' websites. These compromised sites further enable to create fake pages to get utilized for more phishing as well as malware scams. Moreover, by gaining admission into the e-mail A/Cs of the websites, the criminals can distribute junk or fake e-mails on behalf of the same websites. Indeed the scammers, by wholly hijacking and regulating the websites manage in utilizing them to carry out various fraudulent activities, remark analysts studying the phishing scam.
Certainly, several website owners and administrators will have sufficient experience in fast recognizing that the electronic mail is a scam. However, with greater accessibility to website ownership and administration currently, a few, if not more, users will be inexperienced enough, thereby believe the trick.
Thus, for users who may have unknowingly provided their cPanel details in the above scam require altering their password fast, and in case the password is identical for many A/Cs, then every one of them should be changed, the security specialists suggest.
Finally, it's important to maintain up-to-date anti-phishing and anti-spam programs on one's computer so spurious messages are blocked from landing inside Internet users' mailboxes at the very outset, the specialists state in addition.
» SPAMfighter News - 12-02-2014