Recent phishing scam: Fatal ERROR! Data lost risk
There is a recent phishing scam going around via email that is trying to trick website owners that there is an issue on their server. It then instructs them to enter in their cPanel credentails in order to resolve the problem, but it links off to a fraudulent phishing site, and not the legitmate cPanel login interface.
Fradulent email to look out for claiming Fatal ERROR!
These are the important parts of the message to pay attention to:
Subject: Fatal ERROR! Data lost risk! From: "CPanel Network Server Monitor" <firstname.lastname@example.org> X-Mailer: PHP
The Subject will typically read Fatal ERROR! Data lost risk!
The From will typically read CPanel Network Server Monitor the sender will appear to be from your domain.
The X-Mailer will typically read PHP indicating the message was directly sent from a spam script, not a mail client.
The body of the message will make it seem like there is a fatal error (usually related to MySQL) and then provide you with a URL to click on to "resolve this issue".
Message from CPanel Network Server Monitor, 10/07/2013 00:12:00: Item: DRIVER=MYSQL Server; MYSQL Result: Fatal ERROR! Data lost risk! Explanation: ERROR: Opening connection to database, ADO error: Unspecified error MYSQL Server does not exist or access denied. To resolve this issue, please, restart MySQL Server, using this URL: http://18.104.22.168/cpanel/index.php?domain=example.com&reauth=1783
Email URL links to fake cPanel
When you click on the URL, it takes you to what appears to be a normal cPanel login interface.
However pay close attention as the URL mentions index.php?domain=example.com
You can also see that instead of using your domain name to access cPanel, the URL is trying to use an IP address. This IP address is from a hacked server, and when you try to type in your cPanel credentials it's going to reject them with a password failed error.
You've just confirmed that your domain is example.com and just given up your cPanel credentials to a hacker.
Ensuring a proper cPanel login
To ensure you're logging into your real cPanel account you can follow the steps in our login to cPanel article.
In your web-browser's address bar if it doesn't read one of the following formats, don't login:
Reset cPanel password if you suspect it was stolen
If you suspect you accidentally followed this phishing scam, please be sure to reset your cPanel password.