Cyber criminals have many methods of stealing information online. One of the more common methods is phishing. Phishing is when cyber criminals send out emails that look legitimate but are actually trying to steal information by “fishing” for it. Phishing scams can try to get sensitive personal information such as login credentials, credit card information, or personal health numbers.

An Increase In cPanel Phishing Emails 

We have been receiving an increased number of calls and support tickets involving emails from what looks like your own domain. These emails are disguised to appear to be from your own server. However, they are likely a phishing scam aimed at getting your cPanel login information. The subject lines of these emails are typically:

  • “WARNING The domain “yourdomain.com” has reached their disk quota”  
  • “WARNING The email account “yourmail@yourdomain.com” storage is almost full” 

If you get this email despite not being near the quota or storage limit, it is likely a phishing scam. Be wary of clicking on any links in the email and entering any login or personal information.

You can check whether you are near your quota or storage limit by logging into your cPanel backend and looking for the Statistics dashboard on the right-hand side. Disk Usage will tell you how much storage you’ve used, and clicking on Email Accounts will take you to a page that breaks down the storage usage for each of your email accounts.

Check Your Email Headers 

To check if the email you received is truly a phishing attempt, look at the email headers. To find email headers in Gmail, open the message, go to the upper right-hand side, click the three dots, and select “Show original”. In Outlook, right-click on the message and click “View source”. For other email clients, check out this guide.

The email headers will provide detailed information that will help determine if the email received is truly legitimate or not. You will want to look for who sent the email and what server it came from.  
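As an added illustration (not part of the original article and not cPanel tooling), the Python example below reads a message's raw headers and reports the server that handed the email to your mail server, along with sender mismatches and failed SPF/DKIM results. The sample message, the `inspect_headers` helper, and all domains and IP addresses are constructed for the example; `my_server_ips` is assumed to be the set of your own mail servers' addresses.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample (not a real capture); domains and IPs are placeholders.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.yourdomain.com (mx.yourdomain.com [192.0.2.10])
    by mail.yourdomain.com with ESMTP; Mon, 01 Jan 2024 10:00:05 +0000
Received: from mailer.example.net (unknown [203.0.113.45])
    by mx.yourdomain.com with ESMTP; Mon, 01 Jan 2024 10:00:03 +0000
Authentication-Results: mx.yourdomain.com; spf=fail
    smtp.mailfrom=mailer.example.net; dkim=none
From: "cPanel" <cpanel@yourdomain.com>
To: yourmail@yourdomain.com
Subject: WARNING The email account "yourmail@yourdomain.com" storage is almost full

Your mailbox is almost full.
"""

# Assumes the common "from host (name [ip])" or "from host ([ip])" Received layout.
HOP_RE = re.compile(r"from\s+\S+\s+\([^)]*?\[([0-9A-Fa-f.:]+)\]")

def domain_of(header_value):
    """Lower-cased domain part of the address in a From/Return-Path header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def inspect_headers(raw, my_domain, my_server_ips):
    msg = email.message_from_string(raw)
    from_dom, bounce_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    # Received headers are newest-first. Hops recorded by your own servers can be
    # trusted; anything below the first outside IP may be forged by the sender.
    source_ip = None
    for hop in msg.get_all("Received", []):
        m = HOP_RE.search(hop)
        if m and m.group(1) not in my_server_ips:
            source_ip = m.group(1)
            break
    reasons = []
    if from_dom == my_domain and bounce_dom and bounce_dom != my_domain:
        reasons.append("From claims your domain but Return-Path is " + bounce_dom)
    auth = (msg.get("Authentication-Results") or "").lower()
    for name in ("spf", "dkim"):
        hit = re.search(rf"\b{name}=(\w+)", auth)
        if hit and hit.group(1) != "pass":
            reasons.append(f"{name.upper()} result: {hit.group(1)}")
    return {"source_ip": source_ip, "reasons": reasons}

if __name__ == "__main__":
    print(inspect_headers(SAMPLE, "yourdomain.com", {"192.0.2.10"}))
```

The `source_ip` value is the address your own server recorded for the connecting host, which is the one to use if you blacklist the sender in WHM.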

Uh Oh I Clicked On The Link 

If you do happen to click on a link and enter your login credentials, change your cPanel password as soon as possible. The quicker you do this, the better.

If you find the server or IP address that the email was sent from, you can also blacklist the server in WHM. To blacklist a server, you have to:  

  1. Log in to WHM as the root user 
  2. Click Service Configuration then EXIM Configuration Manager 
  3. Search for “Blacklist” in the search bar on the right 
  4. Find Blacklisted SMTP IP addresses and click “Edit”  
  5. Enter the IP address of the server then click save  

When in doubt, ask 

If you are unsure whether the email is real, give customer service a call before clicking on any links. If there is an issue with your account, customer service will be able to tell you. You can also find out more about this specific phishing scam by clicking here.