Alert – Lookout for fake cPanel emails
Published by Peter Armstrong on November 6th, 2024
MAXER are today asking our clients to be extra vigilant for scam emails purporting to report “Unusual activity” or “Spam reports”, which may include the cPanel logo, webmail icon, RoundCube logo, Maxer logo or your organisation’s name/logo.
We wish to advise all our clients to be on the lookout for scam emails that attempt to mimick an abuse/spam report from cPanel or Maxer. There are several different versions of a phishing scam email currently circulating, which may look like genuine cPanel notifications and include the cPanel or webmail logo. The emails typically contain a warning that your hosting service is responsible for spamming, that a limit has been reached, and request that you click on a link. Do NOT click on any links!
The phishing emails contain a link to a malicious web page. The web page will display a fake cPanel login page, which will be used by scammers to capture your login details and then forward you to your actual cPanel login page (so it appears like nothing unusual has happened!). The malicious link may include references to your own website URL to trick you.
Many of the emails we’re seeing begin with “Dear Valued Customer”.
We strongly advise all clients to disregard such emails, delete the message, do NOT click on any links, and do NOT reply to it.
Hypothetically, if there was an abuse issue on your hosting account, such as spamming or malware, our Abuse Department would open a support ticket on your MAXER account. You can login to MAXER, and go to Support -> Support Tickets.
You can also verify if other emails are genuine, such as billing notifications, by going to My Account -> Email History.
If you have mistakenly clicked on a link and/or entered your login details, you should take immediate action to secure your hosting account and prevent it being hacked/compromised. You can set a new password for your cPanel hosting account with one of these two options:
1) Login to your cPanel control panel by typing your website address followed by /cpanel
If you’re not sure, check the welcome email we sent you when you signed up.
2) Login to your MAXER client area, go to the Services page, find the hosting service in the list and click “Manage Settings”, then in the left menu click on “Change Password”.
Our advice is:
– Fake emails are circulating that look like genuine notifications from cPanel or Maxer
– Do NOT click any links or open attachments!
– Never reply to any spam/scam emails
– Emails purporting to be from cPanel can be forwarded to cPanel for investigation. Please forward the email including the full headers to cs@cpanel.net
– Always use very strong passwords and never use the same password for multiple websites
– Keep your computer’s operating system, email application and web browser software up to date
– Inform your work colleagues and family to lookout for similar scams
Please contact our team via www.maxer.com if you are not sure about the legitimacy of any email you receive.