Back to Fred Mac Donald's Blog

Phishing Email – WARNING The domain 'mydomain.com' has reached their disk quota

Phishing Email – WARNING The domain 'mydomain.com' has reached their disk quota

We noticed, and clients reported, a huge increase in a cPanel phishing email we personally have not seen in the field before.

The email…

Subject Heading: [mydomain.com] WARNING The domain "mydomain.com" has reached their disk quota.

Email Body.

Disk quota notification for "mydomain.com".

The domain "mydomain.com" has reached their disk quota.

The account currently uses 97.27% of its disk capacity.

You should follow the link bellow to auto extend your disk capacity for free as soon as possible in order to prevent the loss of any files and future emails. Use the Disk Capacity tool at https://mydomain.com:2083/?goto_app=DiskCapacity.

The system generated this notice on 2021/3/23 17:44:57.

You can disable the "User Disk Usage Warning" type of notification through the cPanel interface: https://mydomain.com:2083/?goto_app=ContactInfo_Change

Do not reply to this automated message.

A couple of pointers you can look out for.

What will happen if you click the link?

You will be taken to a page on a hacked website that looks pretty convincingly like what you would expect to see when you log into your cPanel. The most obvious indicator is the URL of the page.

Fake cPanel login screen

What will happen if I entered my details?

The sole purpose of the phishing scam is to gain access to your cPanel and hosting account. The scammer will then access the account, upload a file or two and most probably use your website in the link in the email sent out to the next unsuspecting person or to phish for banking details or even sell viagra…

What if I already entered my details?

If you entered your lodging details into the form, change your lodging details immediately. Also, let us know as soon as possible so we can run additional scans to ensure there are no files uploaded tr existing files are not changed to hide their virus.

Written by:  - 23 Nov  
comments powered by Disqus
flashy