Phishers target web hosting customers

Posted by kent on December 9th, 2009

You might want to be especially cautious about emails that purport to come from your web host. A new phishing scheme is underway, and it's targeting customers of popular web hosting services. The bait is an email that says the following: "Due to the system maintenance, we kindly ask you to take a few minutes to confirm your FTP details."

Following the included link sends users to a facsimile of the popular cPanel web hosting interface which asks users for their FTP login information. Once that's done, the login info is transfered to the phishers.

Where it goes next is unknown, but  granting access to your website's directory to person or persons unknown is a scary thought. Your site could potentially be used to spread malware or launch attacks.

According to Gary Warner, who uncovered the scheme, the phishers are sending emails with the following subject lines (substituting the name of your web host for "targeted hosting company"):

(targeted hosting company) webhosting update
(targeted hosting company) web hosting update
(targeted hosting company) webhosting user
(targeted hosting company) web hosting update
for (targeted hosting company) webhosting user
for (targeted hosting company) web hosting use

Since phishers change their M.O.s frequently, it's best to exercise the same caution you would with any solicitous email. Anytime you get an email asking you to confirm login credentials you should be wary. Don't trust the links in emails, even if they look to be legitimate. If you really think your web host (or bank, for social network) requires you to log in and make changes, always go directly to the site via a previously bookmarked url that you trust.