Trusteer warned the customers of website hosting companies, including yahoo.com, against a new phishing attack aimed at stealing their content management system log-in credentials. The e-mails appear to be from a website hosting firm and ask website owners to confirm their cPanel/FTP account information. Using this information, criminals are uploading look-alike bank website pages to steal funds.
cPanel is a popular CMS (Content Management System), used by many leading hosting providers, including Yahoo. It is used to perform website operations, including FTP account control and setup, which can be used to upload content to the cPanel-managed website. Over the past few days, a phishing email campaign targeting owners of cPanel-based sites at various hosting providers has surfaced.
The attack is designed to harvest the FTP credentials of site owners, using cPanel-oriented messaging.
“The ability to upload arbitrary content into relatively small and less popular sites may seem uninteresting fraud-wise,” said Amit Klein, CTO of Trusteer. “However, evidence we have collected over the past few months connects cPanel-driven sites to online banking fraud. By stealing cPanel login credentials, criminals do not need to use hacking tools to upload content to a website, and therefore can avoid detection until after they have siphoned funds from consumer and business banking accounts.”