We’ve been receiving numerous reports from our clients that have been receiving an email that appears to be coming from cPanel directly about an account is sending viruses and for you to click on the link to clean your account.
Additionally, they are using a spoofed email address that looks like it is coming from cPanel itself. In the cases we’ve been made aware of the email address being used is nortonwebhostscan@cpanel.com.
We can certainly confirm that our clients would not receive communication from cPanel directly of this nature, and as a cPanel partner if an issue required attention it would be brought forward to us whom will in turn contact you. Additionally, this email has not come from or through us.
As with all phishing emails, there are some obvious signs to be aware of.
Language. A phishing email will usually come off as clumsy and poorly worded. Communication from a legitimate organization are more professional.
Urgency. Phishing emails intend to make you think you need to act now to resolve a situation, by advising you to click on a link to update records. In this case, click on a link to clean your cPanel account.
Additionally, when a company is addressing you by your email address and not by your name, it is another telltale sign that while they are trying to personalize it they are using only very basic information to sound like they know you.
Always keep in mind emails from companies that come out of the blue. cPanel does not contact our clients directly and emails that are soliciting action from you like this are a sure sign that this isn’t legitimate.
Please contact us immediately if you have in fact clicked on the link in the message.
—
Subject: Problem with your webhosting account
Dear (your email address),
Your cPanel webhosting account has been transmitting viruses to our servers and will be deactivated permanently if not resolved.
In respect to the above, you are urgently required to sanitize your webhosting account with Norton E-mail Scanner; otherwise, your access to cPanel webhosting services will be deactivatedClick here now to scan and sanitize your webhosting account
Note that failure to sanitize your webhosting account immediately will lead to permanent deactivation without warning.
Please move this message to your inbox and click the link if you found it into your spam mail because the link cannot open in your spam.
We are very sorry for the inconveniences this might have caused you and we assure you that everything will return to normal as soon as you have sanitized your webhosting account.
cPanel Admin
Yeah i have this message too it’s from account@cpanel.net
it say’s
www(.)screencast(.)com/t/yhWddNzhm
Many of our clients have been sending similar messages to us, and in all cases simply ignore and delete these. This is standard email spoofing to make the message look more legitimate.
Reach out to us, or if you are with someone else, your web or server hosting company if you have questions on such messages.