Fake Security Advisory used in cPanel Phishing Attack
BleepingComputer has analyzed a targeted phishing campaign being reported by cPanel users. The phishing email has a subject line of “cPanel Urgent Update Request.”
The content of the body is a fake security advisory claiming that an update is needed to patch cPanel vulnerabilities. It mimics legitimate cPanel emails in order to increase its legitimacy and is relatively well crafted with few grammar and spelling issues. In order to further trick users, the attackers registered a lookalike domain, which was used in combination with Amazon Simple Email Service (SES) to send out the emails.
Clicking the link in the body of the email redirected users to a fake cPanel login page. The phishing landing page has since been taken down and now redirects to a Google search for “cpanel.”
Indicators of Compromise
cpanel811.com
cpanel7831.com
I am one of the editors here at www.systemtek.co.uk I am a UK based technology professional, with an interest in computer security and telecoms.