Recent phishing scam: Fatal ERROR! Data lost risk

A recent phishing scam is going around via email that tries to trick website owners into believing there is an issue on their server. It then instructs them to enter their cPanel credentials in order to resolve the problem, but it links to a fraudulent phishing site, not the legitimate cPanel login interface.

Fraudulent email to look out for claiming Fatal ERROR!

These are the important parts of the message to pay attention to:

Email Header

Subject: Fatal ERROR! Data lost risk!
From: "CPanel Network Server Monitor" <[email protected]>
X-Mailer: PHP

The Subject will typically read Fatal ERROR! Data lost risk!

The From will typically read CPanel Network Server Monitor, and the sender will appear to be from your domain.

The X-Mailer will typically read PHP, indicating the message was sent directly from a spam script, not a mail client.

Email Body

The body of the message will make it seem like there is a fatal error (usually related to MySQL) and then provide you with a URL to click on to “resolve this issue”.

Message from CPanel Network Server Monitor, 10/07/2013 00:12:00:
Item: DRIVER=MYSQL Server; MYSQL
Result: Fatal ERROR! Data lost risk!
Explanation: ERROR: Opening connection to database, ADO error: Unspecified error
MYSQL Server does not exist or access denied.
To resolve this issue, please, restart MySQL Server, using this URL:
https://78.46.148.125/cpanel/index.php?domain=example.com&reauth=1783

Email URL links to fake cPanel

When you click on the URL, it takes you to what appears to be a normal cPanel login interface.

However, pay close attention, as the URL mentions index.php?domain=example.com

cpanel phishing login page

You can also see that instead of using your domain name to access cPanel, the URL is trying to use an IP address. This IP address is from a hacked server, and when you try to type in your cPanel credentials it’s going to reject them with a password failed error.

You’ve just confirmed that your domain is example.com and just given up your cPanel credentials to a hacker.

Ensuring a proper cPanel login

To ensure you’re logging into your real cPanel account you can follow the steps in our login to cPanel article.

If your web browser's address bar doesn't show one of the following formats, don't log in:

  • example.com/cpanel
  • cpanel.example.com
  • example.com:2082
  • secure104.inmotionhosting.com/cpanel
  • secure104.inmotionhosting.com:2082
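The header indicators and the login URL formats described above can be checked automatically. The following Python script is an added example, not code from InMotion Hosting or cPanel; the function names, the indicator labels, and the placeholder sender address are assumptions, and it handles single-part plain-text messages only.

```python
import ipaddress
import re
from email import message_from_string
from urllib.parse import urlsplit

# Constructed sample modelled on this article; sender address is a placeholder.
SAMPLE = """\
Subject: Fatal ERROR! Data lost risk!
From: "CPanel Network Server Monitor" <monitor@example.com>
X-Mailer: PHP

To resolve this issue, please, restart MySQL Server, using this URL:
https://78.46.148.125/cpanel/index.php?domain=example.com&reauth=1783
"""


def is_expected_cpanel_url(url, domain, server):
    """True only for the login formats listed in this article."""
    try:
        parts = urlsplit(url if "://" in url else "//" + url)
        port = parts.port
    except ValueError:  # malformed host or port
        return False
    host = (parts.hostname or "").lower()
    if host == "cpanel." + domain:
        return True
    if host not in (domain, server):  # exact match, so IPs and lookalikes fail
        return False
    return port == 2082 or parts.path.rstrip("/") == "/cpanel"


def phishing_indicators(raw, domain, server):
    """Return the indicators from this article that a raw message matches."""
    msg = message_from_string(raw)
    hits = []
    if "fatal error" in msg.get("Subject", "").lower():
        hits.append("subject")
    if "cpanel network server monitor" in msg.get("From", "").lower():
        hits.append("from-display-name")
    if msg.get("X-Mailer", "").strip().upper() == "PHP":
        hits.append("x-mailer-php")
    for url in re.findall(r"https?://[^\s<>\"']+", msg.get_payload()):
        try:
            ipaddress.ip_address(urlsplit(url).hostname or "")
            hits.append("ip-literal-url")
        except ValueError:  # host is a name, not an IP literal
            pass
        if "cpanel" in url.lower() and not is_expected_cpanel_url(url, domain, server):
            hits.append("unexpected-cpanel-url")
    return hits
```

Calling phishing_indicators(SAMPLE, "example.com", "secure104.inmotionhosting.com") flags all five indicators for the sample message, while each of the five login formats listed above passes is_expected_cpanel_url.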

Reset cPanel password if you suspect it was stolen

If you suspect you accidentally followed this phishing scam, please be sure to reset your cPanel password.

Stormy Scott, Content Marketing Writer

Stormy is a Content Marketing Writer at InMotion Hosting. Her content focus is WordPress, web design, and help articles for small businesses.
