From time to time, we receive inquiries from our customers about whether the email has been sent from us and whether it is genuine.
Hackers are constantly using new methods and designing phishing emails and websites that make it difficult for a user to see if it was sent from the provider or the hacker. Below we take a look at a specific attack we have seen in the last couple of days.
cPanel servers will send emails with information if a web hosting account approaches the disk limit.
We send emails if an account reaches a limit of 90% (critical) and 98% (full). These emails are sent directly from the server to cPanel’s contact email if it is set up.
Below you will see a typical phishing email:
How to find out if it’s genuine?
First of all, it is important to take a look at the header of the email. It shows who it’s sent from / to and other hidden information that does not show at first glance.
It is a good idea to view the email in “Plain text” which means that HTML elements are not displayed and you can then see if there are hidden links (URLs) in the email.
Below is the same email showing details from the headers by clicking “Details” in the Roundcube:
You can also check in the plain text version and can then see that there are hidden links in the email:
It is therefore not safe to click on these links and provide any information on these sites. Delete the email.
What does a real cPanel email look like?
Below you will see a screenshot of an email sent from one of our servers. It shows the username and the entire domain name as well as the disk usage and how much is free.
It will also tell you how many files are in use in the account in the same email. Notice the differences from the pictures above.
And in plain text, without HTML, the email looks like this:
We also recommend to setup two factor login to our customer pages and to cPanel.