Fake Security Advisory used in cPanel Phishing Attack

BleepingComputer has analyzed a targeted phishing campaign being reported by cPanel users. The phishing email has a subject line of “cPanel Urgent Update Request.”

The content of the body is a fake security advisory claiming that an update is needed to patch cPanel vulnerabilities. It mimics legitimate cPanel emails in order to increase its legitimacy and is relatively well crafted with few grammar and spelling issues. In order to further trick users, the attackers registered a lookalike domain, which was used in combination with Amazon Simple Email Service (SES) to send out the emails.

Clicking the link in the body of the email redirected users to a fake cPanel login page. The phishing landing page has since been taken down and now redirects to a Google search for “cpanel.”

Indicators of Compromise

cpanel811.com

cpanel7831.com

Jason Davies

UK based technology professional, with an interest in computer security and telecoms.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: