Recent Phishing Scam: Fatal ERROR! Data lost risk

There is a recent phishing scam going around via email that is trying to trick website owners that there is an issue on their server. It then instructs them to enter in their cPanel credentials in order to resolve the problem, but it links off to a fraudulent phishing site, and not the legitimate cPanel login interface.

Fraudulent Email to Look Out For Claiming Fatal ERROR!

These are the important parts of the message to pay attention to:

Email Header

Subject: Fatal ERROR! Data lost risk! From: "CPanel Network Server Monitor" <[email protected]> X-Mailer: PHP

The Subject will typically read Fatal ERROR! Data lost risk!

The From will typically read CPanel Network Server Monitor the sender will appear to be from your domain.

The X-Mailer will typically read PHP indicating the message was directly sent from a spam script, not a mail client.

Email Body

The body of the message will make it seem like there is a fatal error (usually related to MySQL) and then provide you with a URL to click on to “resolve this issue”.

Message from CPanel Network Server Monitor, 10/07/2013 00:12:00: Item: DRIVER=MYSQL Server; MYSQL Result: Fatal ERROR! Data lost risk! Explanation: ERROR: Opening connection to database, ADO error: Unspecified error MYSQL Server does not exist or access denied. To resolve this issue, please, restart MySQL Server, using this URL: https://78.46.148.125/cpanel/index.php?domain=example.com&reauth=1783

Email URL Links to Fake cPanel

When you click on the URL, it takes you to what appears to be a standard cPanel login interface.

However, pay close attention as the URL mentions index.php?domain=example.com

Fake Phishing cPanel Login Page

You can also see that the URL is trying to use an IP address instead of your domain name to access cPanel. This IP address is from a hacked server, and when you try to type in your cPanel credentials it’s going to reject them with a password failed error.

You’ve just confirmed that your domain is example.com and just given up your cPanel credentials to a hacker.

Ensuring a Proper cPanel Login

To ensure you’re logging into your real cPanel account you can follow the steps in our login to cPanel article.

In your web browser’s address bar if it doesn’t read one of the following formats, don’t login:

  • example.com/cpanel
  • cpanel.example.com
  • example.com:2082
  • secure104.inmotionhosting.com/cpanel
  • secure104.inmotionhosting.com:2082

Reset cPanel Password if You Suspect it Was Stolen

If you suspect you accidentally followed this phishing scam, please be sure to reset your cPanel password.

InMotion Hosting Contributor
InMotion Hosting Contributor Content Writer

InMotion Hosting contributors are highly knowledgeable individuals who create relevant content on new trends and troubleshooting techniques to help you achieve your online goals!

More Articles by InMotion Hosting

Was this article helpful? Join the conversation!