Alert – Lookout for fake cPanel emails
Published by Peter Armstrong on April 13th, 2021
Spiral Hosting are today asking our clients to be extra vigilant for scam emails purporting to be “Disk Quota” or “Resource Usage” warnings from cPanel.
We wish to advise all our clients to be on the lookout for scam emails that might appear to be generated by your cPanel hosting account. There are several different versions of a phishing scam email currently circulating, which may look like genuine cPanel notifications and include the cPanel logo. The emails typically contain a warning that your hosting service is about to reach a limit and request that you click on a link. Do NOT click on any links!
The phishing emails contain a link to a malicious web page. The web page will display a fake cPanel login page, which will be used by scammers to capture your login details and then forward you to your actual cPanel login page (so it appears like nothing unusual has happened!). The malicious link may include references to your own website URL to trick you.
We strongly advise all clients to disregard such emails, delete the message, do NOT click on any links, and do NOT reply to it.
A genuine email from cPanel will contain your cPanel username, the details of current usage will match (or very close) to the figures shown in your cPanel control panel, the genuine email will never ask you to complete payment and/or upgrade the service for a fee/free or charge. Billing & upgrades for services provided by Spiral Hosting are always handled directly by us and not cPanel.
If you have mistakenly clicked on a link and/or entered your login details, you should take immediate action to secure your hosting account and prevent it being hacked/compromised. You can set a new password for your cPanel hosting account with one of these two options:
1) Login to your cPanel control panel by typing your website address followed by /cpanel
If you’re not sure, check the welcome email we sent you when you signed up.
2) Login to your Spiral Hosting client area, go to the Services page, find the hosting service in the list and click “Manage Settings”, then click on the button “Change Password”.
Our advice is:
– Fake emails are circulating that look a lot like genuine cPanel notifications
– Do NOT click any links or open attachments!
– Never reply to any spam/scam emails
– Emails purporting to be from cPanel can be forwarded to cPanel for investigation. Please forward the email including the full headers to firstname.lastname@example.org
– Always use very strong passwords and never use the same password for multiple websites
– Keep your computer’s operating system, email application and web browser software up to date
– Inform your work colleagues and family to lookout for similar scams
Please contact our support team if you are not sure about the legitimacy of any email you receive.