Spam email campaign targeting cPanel users

We have seen the emergence of a new spam email campaign that is targeting cPanel users. 

Background

For background, cPanel is the software we use to help you easily manage your web hosting account, business email address, DNS records and more.... Although we manage this, each custom has access to their own account to be able to make and changes they need, run a backup, setup new MySQL databases, etc. As you can see this powerful software can really help you manage your day to day hosting tasks, but also why it would be a target for hackers; If they get access to your account, they can send any email they want.

Campaign

The spam email campaign takes the format of a regular "The domain has reached their disk quota." email that would normally be send via the cPanel software for each account when they are running out of the allocated disk space.

The spammers have picked up the same style, branding and colour that you would normally expect from a cPanel email, however the standard emails would direct you to your domain, or sometimes a domain controller by us, whereas the spammers will try to direct you to phishing website to trick users into handing over your account username and password.

Mitigation

The best advice that we can offer is the usual password security advice:

• Don't click links in email you are not expecting.
• Use a password manager (such as Bitwarden, 1Password, etc)
• Enable 2-factor authentication in your account (Both on https://encode.host and your cPanel account)
• If you have a query and not sure, take advice or raise a support ticket.
• If you think your account has been compromised, contact us immediately.

Remember, if you do want to check your disk usage, you can always do this via your customer service portal account @ https://encode.host