Some users of the shared web hosting administrative software cPanel began reporting a phishing campaign on August 5th. The email tried to lure victims with the subject “cPanel Urgent Update Request” and listed three “updated” versions of the software that would address all the vulnerabilities. Although phishing emails are typically poorly worded with plenty of grammatical and spelling errors, this one should be a reminder that not all phishing attempts will be so obvious. Ultimately, the goal of the attack was to convince victims to click on a link, directing them to a fake site which prompted the victim to enter their cPanel credentials.
Analyst Notes
Phishing emails often use a sense of urgency to get victims to get their victims to click through quickly and without paying much attention. The obvious clue that recipients could have looked for was the sender address. The email was sent from the domain cpanel7831[.]com rather than the official cpanel.net domain. Always try to check the links in an email before clicking on them. If it looks odd or attempts to use a URL shortening service like bit.ly to hide the real link, just browse to or search for the official website.
Source: https://www.bleepingcomputer.com/news/security/fake-security-advisory-used-in-clever-cpanel-phishing-attack/
