If you have access to a website’s hosting control panel, you can basically do whatever you want with that site. Cybercriminals know this, which is why they’ve launched a phishing scam designed to trick website administrators into handing over their cPanel credentials.
The fake emails carry the subject line “Your cPanel Account Verification,” and they read something like this:
“Our Technical Services Department are carrying out a planned software upgrade. Please login to re-confirm your account. To login, please click the link below:
This instruction has been sent to all our customers and is obligatory to follow.”
The link points to a phishing site where users are asked to hand over their credentials, Hoax Slayer warns.
Webmasters are usually well aware of such schemes and most of them will probably recognize the malicious attempt. However, there could be some less experienced website owners who might fall for the scam.
If you’ve already handed over your cPanel credentials to the cybercriminals, change your password as soon as possible, before they lock you out of your account. If you’ve used the same password for multiple accounts, change all of them.