Cyber criminals have many methods of stealing information online. One of the more common methods is phishing. Phishing is when cyber criminals send out emails that look legitimate, but are actually trying to steal information by “fishing” for it. Phishing scams can try to get sensitive personal information such as log in credentials, credit card information, or personal health numbers.
An Increase In cPanel Phishing Emails
Currently,?we have been receiving an increased number of calls and support tickets involving emails from what looks like your own domain.?These emails?are disguised to appear to be from your own server, however, they are likely a phishing scam aimed at getting your log in information for your cPanel.??The subject line of the emails typically are:
- “WARNING The domain “yourdomain.com” has reached their disk quota”
- “WARNING The email account “email@example.com” storage is almost full”
If you get this email despite not being near the quota or storage limit, chances are this is likely a phishing scam. Be wary of clicking on any links in the email and inputting any log in or personal information.
You can check to see if you are near your quota or storage limit by logging into your cPanel backend and looking for the Statistics dashboard on the right hand side. Disk Usage will tell you how much storage you’ve used and clicking on Email Accounts will take to a page that breaks down the storage usage for each of your emails.
Check Your Email Headers
To check if the email you received is truly a phishing attempt, look at the email headers. To find email headers in Gmail, go to the message, go to the upper right-hand side, then click the 3 dots and select show original. In Outlook, right click on the message and click view source. For other email clients, check out this guide.
The email headers will provide detailed information which will help determine if the email received is truly legitimate or not. You will want to look for who sent the email and what server it came from.
Uh Oh I Clicked On The Link
If you do happen to click on a link and enter your log in credentials, change the password to your cPanel as soon as possible. The quicker you do this the better.
If you find the server or IP address that the email was sent from, you can also blacklist the server in WHM. To blacklist a server, you have to:
- Log in to WHM as the root user
- Click Service Configuration then EXIM Configuration Manager
- Search for “Blacklist” in the search bar on the right
- Find Blacklisted SMTP IP addresses and click “Edit”
- Enter the IP address of the server then click save
When in doubt, ask
If you are questioning whether the email is real or not, give customer service a call before clicking on any links. If there is an issue with your account, customer service will be able to tell you. You can also find out more on this specific phishing scam by clicking here.