Should You Worry About the cPanel Vulnerability?

In late April, it was revealed that a critical vulnerability in cPanel could allow malicious actors to gain unauthorised access to websites and hosting accounts. A security patch was quickly released and implemented to address the issue. If your website is hosted with us, your hosting environment has been secured against this vulnerability.

However, vulnerabilities like this often lead to an increase in phishing emails designed to take advantage of concern and confusion around website security.

Here are some ways to help identify a phishing attempt.

The Email Address of the Sender

When you receive an email, the sender’s display name may appear instead of the actual email address – or alongside it. Display names can be changed to anything, meaning a phishing email could appear to come from “cPanel” even when it does not.

Rather than relying on the sender’s name, always check the actual email address.

Legitimate emails relating to your hosting account may come from:

  • an official cpanel.net email address
  • your web hosting provider
  • an email address associated with your own domain, such as support@yourdomain.com

If the sender’s email address looks unusual or unrelated, it may be a phishing attempt.

Generic Greetings and Lack of Specific Details

Phishing emails are usually sent in bulk using generic templates. In many cases, the scammer only knows your email address, so the content is often vague and non-specific.

Be cautious of messages that:

  • use generic greetings such as “Dear Customer”
  • claim you have reached a “critical limit”
  • warn about urgent account problems without specific details
  • mention storage usage percentages without referencing your hosting plan or actual limits

Legitimate hosting notifications are typically more detailed and relevant to your account.

Typos and Mistakes in the Content

With the rise of AI tools, phishing emails are becoming more convincing and often contain fewer spelling mistakes than they once did. However, awkward phrasing, inconsistent formatting, and incorrect terminology can still be warning signs.

For example, emails claiming to be from cPanel may incorrectly capitalise the name as:

  • Cpanel
  • CPanel
  • cpanel

The correct branding is “cPanel”.

Links Go to a URL That Isn’t Legitimate

The purpose of many phishing emails is to steal your login credentials. To do this, scammers create fake login pages designed to look like cPanel or Webmail.

Hovering your mouse over a link in an email can show the destination URL before you click it. If the link points somewhere unexpected or unrelated to your hosting provider, do not click it.

It is strongly recommended that you do not click on links in emails you are unsure about. Instead, open your browser and manually navigate to your cPanel login page or hosting provider’s website. If there is a genuine issue requiring your attention, it will usually appear within your account dashboard.
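
The sender address, link destination and capitalisation checks described above can also be run over a saved message. The Python below is an added example, not code from cPanel or from the author of this article. The `hosting-provider.example` and `yourdomain.com` entries in the trusted list are placeholders, and the sample message is constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# cpanel.net is from the article; the other two are assumed placeholders.
TRUSTED = {"cpanel.net", "hosting-provider.example", "yourdomain.com"}

def is_trusted(host):
    host = (host or "").lower().rstrip(".")
    # Exact match or real subdomain only, so "cpanel.net.other.example" fails.
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

class BodyScan(HTMLParser):  # collects link targets and visible text
    def __init__(self):
        super().__init__()
        self.hrefs, self.text = [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]
    def handle_data(self, data):
        self.text.append(data)

def check_email(raw):
    msg = message_from_string(raw, policy=policy.default)
    # Judge the real address, not the display name, which can say anything.
    display, addr = parseaddr(str(msg["From"]))
    findings = []
    if not is_trusted(addr.rpartition("@")[2]):
        findings.append(f"sender: {display!r} is really <{addr}>")
    scan = BodyScan()
    scan.feed(msg.get_body(preferencelist=("html", "plain")).get_content())
    findings += [f"link: {h}" for h in scan.hrefs
                 if not is_trusted(urlsplit(h).hostname)]
    visible = " ".join([str(msg["Subject"]), display, *scan.text])
    findings += [f"branding: {w!r} instead of 'cPanel'"
                 for w in re.findall(r"\b[Cc][Pp]anel\b", visible) if w != "cPanel"]
    return findings

# Constructed sample message for illustration (not a real email).
SAMPLE = """\
From: "cPanel Support" <alerts@cpanel-notice.example>
Subject: Cpanel storage has reached a critical limit
Content-Type: text/html; charset="utf-8"

<p>Dear Customer, your CPanel account needs attention.
<a href="https://cpanel.net.account-verify.example/login">Log in to cPanel</a>
or see <a href="https://docs.cpanel.net/">the docs</a>.</p>
"""
```

Calling `check_email(SAMPLE)` returns one finding for the sender, one for the first link, and two for the miscapitalised name; the `docs.cpanel.net` link passes because it is a genuine subdomain of a trusted domain.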

*****

While news of a critical cPanel vulnerability can sound alarming, our technical team acted quickly to apply the required security patches and protect hosted websites and accounts.

There is no need for concern if your website is hosted with us. If you receive an email claiming to be from cPanel and you are unsure whether it is legitimate, feel free to forward it to us or speak with your trusted IT provider for advice.

Contact us today if you have any questions about the cPanel security patch or would like to discuss improving the overall security of your website.