If you get an email similar to the example described below, do not click on any links in it. It is fake, malicious, and dangerous.
Data in brackets [ ] below indicate variables that will be different for you, depending on date, your own domain name, email address, etc. Spelling and grammar are exactly as they appear in the ones we know of. All links in the example below have been disabled for your safety. The scammer's email address and website URLs have been additionally altered with inserted spaces in the example below for the same reason.
Sender may vary. Possibilities include but are not limited to: "upacc @ id . cpanel . net" (spaces inserted for safety). But a glance at the email source headers proves this is forged. It is not really from cPanel. Rather, it is from some other third party's hacked/compromised private email account hosted on an insecure server somewhere else, which has been hijacked to propagate the malicious scheme.
Subject: Important update regarding your cPanel webmail(info)
Content Body is as follows:
Again, we cannot emphasize enough: DO NOT CLICK ANY LINKS IN THE EMAIL! You may, however, if using a mouse (not on a mobile device!) carefully hover over the link without clicking it. In some email apps, hovering over a link will display the true destination of the link in the body of the email. In the example above, the link destination URL was https : / / insel-1. de / anweisungen /[random short string of letters and numbers] / ?id=[email address]Important Update From cPanel
Hello,
As part of our on-going effort to maintain a high level of service and improve the security of our products, cPanel added a new email security features. As part of this effort, we are requiring all users to upgrade their email accounts to this latest security.In order to ensure your email will continue to function as expected, you will need to follow the link below to automatically upgrade your email security.
https : / / cPanel . com / enidentify / user / Login ? [a random long string of letters and numbers] log=[your email address ].
Due to the serious nature of this security update, we are temporarily suspending email accounts that leave this message unattented.However, we must ask that you please resolve this matter as quickly as possible. Should any associated negative impact persist or escalate in severity, it may become necessary to suspend your service without further advance notification.
Thank you for using cPanel products and services.
Sincerely,
cPanel management team.This is a service email from cPanel. Please note that you may receive service emails in accordance with the cPanel Terms of Service and Privacy Policy, whether or not you elect to receive important update.
Also note: The real, legit cPanel doesn't even use cPanel.com as a domain name URL. The real cPanel company uses cPanel.net. But more importantly, cPanel the company never sends emails to accounts on servers that use its software. Any emails you get about your cPanel or related services (email, etc.) will come from either your own hosting server or from your own domain name, any links in the body of the email will be to either your own hosting server or your own domain, and the visible links will exactly match the true destination of the links. A legit cPanel email about your account or email will never contain any account management link/s to cPanel.net or cPanel.com. They (cPanel.net) write software. That's it. They don't micromanage user accounts on servers owned by hosting companies who license its software.
If you got an email like the one described above and clicked on any link in it, login at https://my.12wonder.com and go to your Hosting account detail page and change your cPanel password immediately. After you do that, login to cPanel with your new password and go to your Email Accounts page in cPanel, and change all of your email account passwords. Don't forget to then update your email password settings on all your devices where you have those accounts set up for email.
Do not shut down your computer until you have done thorough, deep scans for malware, even if the link in the email resulted in what appeared to be a "404 Not Found" page. There is no way to know for sure in every case, but that "404" error page may not have been a true 404; it could have been a malicious page with drive-by download/s in it, designed to look like a harmless "not found" page. That's one of the latest tricks hackers and ransomware are using these days.
