[Updates] Phishing email is getting more common nowadays. Normal email service providers such as cPanel doesn’t equipped with advanced spam filtering tools when compared with other service providers such as Microsoft 365, Google Gsuits, Zoho mail etc. These scammers are able to scrape emails from all over the internet which is pretty common nowadays, and send out spam to those collected emails.
These scammers can either rent a server or any hosting and install email software in the server and start blasting the phishing email. cPanel email users have become one of the target by receiving large amount of email related to their website or email hosting with deceiving content such as the disk space quota has full, or password expired, etc.
These links in the phishing email aren’t legit at all. They are just another web domain but the site design looks like the same that you are logging in all the time.
If you key in your username and password into these unsolicited login forms, it will either tell you your username and password incorrect or redirect you to another website. Well, in the background they have obtained your credential.
Once your credential is exposed, spammers will repeat the same cycle by using your email to send phishing emails or spam emails to other victims. The process will continue until the next victims fall into more severe damage, such as bank accounts leaking etc.
Unfortunately there isn’t any way to prevent all these phishing emails especially with cPanel or other shared hosting email service. But there are ways to prevent,
- Subscribe to better email service
Corporate email service providers such as Microsoft 365, G Suits, Zoho, etc do the job pretty well when it comes to fighting spam. By default shared hosting software such as cPanel used SpamAssassin to combat spams, but it isn’t as powerful as the big companies such as Microsoft 365 and G Suits when they have the better capabilities to study and filter spam with their strong AI algorithm behind. Pricing for these email service providers isn’t cheap compared with shared hosting but it does the job, so why not. - Having precautious towards email that create urgency
You will notice the pattern of content from these phishing emails. It’s either informing you that your password has expired or leaked, or account quota has expired, or profile has outdated and requested to update or else the you account will be locked within how many days, and many other. These emails create a sense of urgency (pretty well tactic) so you will react quickly without thinking too much of it and therefore you will fall into the trap.
- Look into the email header for suspicious email
Spammers always mask the sender name or email address when sending all these spam emails. In front you will always think it’s from a legitimate sender but in fact it’s from some unknown emails.
Always check the email header if you find it suspicious. If you are using cPanel email service this is the guide for you to check the email header https://support.cpanel.net/hc/en-us/articles/360037044773 if you are using outlook desktop you can follow the guide here https://support.microsoft.com/en-us/office/view-internet-message-headers-in-outlook-cd039382-dc6e-4264-ac74-c048563d212c.
If you found out the sender email from the header isn’t the same as what you’ve seen in your inbox you should be highly alert with this email.
There are more ways to prevent disaster happens, we are not able to cover all of them in one article, always education is the root of prevention, there are many more ways you can find from different source, we’ve found one from cPanel official site in spotting phishing email https://blog.cpanel.com/how-to-spot-a-phishing-email. In case you would like to know more you can always reach us, we are more than willing to help you if you are one of the victims for this phishing traps.
We also suggest the public report all these phishing sites to different authorities to combat all these criminals. This is a good source https://decentsecurity.com/#/malware-web-and-phishing-investigation/
There are more forms of scamming…
IT scamming can be in any form and I assure you that you don’t want to be one of the victims. The lesson to pay for after the scamming or hacking is far greater than investing yourself into basic security knowledge before it’s too late.
In Malaysia phone call scamming is relatively famous as has been proven to have a higher success rate to reach the scammers’ objective. Source: https://www.thestar.com.my/news/nation/2019/12/04/first-they-spam-then-they-scam
Whereases in other countries, IT service scamming can be pretty common.
Scamming can be in any form and email is still one of the easiest and effortless ways bait on the victims.
If you deal with email constantly, it’s advisable to be very cautious on all the suspicious email.