Friday, 26 August 2022 11:47

Phishing Emails from 'SSL on InMotion' no-reply@cpanel.net: Beware!

Written by

Beware! Fake emails being sent to InMotion customers - one of my other clients forwarded me the same thing last night - it looks like some bad actor has received a copy of InMotion's customer database.  Do not click on the "Verify Email Address" link in these emails!  

cpanel.net is a legitimate site but this emails are spoofed / fake!  

From: 
This email address is being protected from spambots. You need JavaScript enabled to view it.

Subject:
example.com | This email address is being protected from spambots. You need JavaScript enabled to view it.: AutoSSL reduced SSL coverage

Message Content:


Verification is required for This email address is being protected from spambots. You need JavaScript enabled to view it..

Autossl has successfully renewed the Email Validated (EV) SSL certificate for
This email address is being protected from spambots. You need JavaScript enabled to view it. on the InMotion Network Server.

The new certificate lacks the secure key for your email address; This email address is being protected from spambots. You need JavaScript enabled to view it., this might lead to email deliverability and security issues.

A verification is required to use this feature for a secure and efficient mailing experience.
Verify Email Address

© 2001-2022 InMotion®, All Rights Reserved.


Raw Message Headers, for forensic analysis:

from ec2-52-23-177-170.compute-1.amazonaws.com ([52.23.177.170]:19742 helo=FEVM020000216205.localdomain) by ecngx308.inmotionhosting.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from <This email address is being protected from spambots. You need JavaScript enabled to view it.>;) id 1oRNwq-00CRTM-SW for This email address is being protected from spambots. You need JavaScript enabled to view it.; Thu, 25 Aug 2022 21:15:49 -0400
from cpanel.net ([103.156.93.66]) (user=This email address is being protected from spambots. You need JavaScript enabled to view it. mech=DIGEST-MD5 bits=0) by FEVM020000216205.localdomain with ESMTP id 27Q1FN5p023013-27Q1FN6K023013 for <This email address is being protected from spambots. You need JavaScript enabled to view it.>;; Thu, 25 Aug 2022 18:15:48 -0700

 

How to check if your email was fake, too:

  1. Pull up the email in question using your mail program (Outlook, Thunderbird, Webmail, etc)
  2. Look for the option that displays the raw message headers.  Normally this is in "View -> Headers -> All"
  3. Check to see if the email addresses match the sender in "From" - in my case the "mismatch" is This email address is being protected from spambots. You need JavaScript enabled to view it. 

 

Last modified on Friday, 26 August 2022 12:07

Latest Comments

Just received one today (16 Aug 2022) from "Mailchimp". Thanks for sharing!
Thanks for posting this. I just got one today. I was 99% sure it was a scam, and your post confirmed...
Thank you. I just got one of these emails and was suspicious so I did a search.
Another one for 2022 Hello, Your website or a website that your company hosts is violating the copy...
Nate Covington posted a comment in Download XMap for Joomla - All Versions Joomla
Hi, I stopped using Xmap years ago. Not sure about your particular error with Hikashop. I suggest ...


Design & Development

Wordpress, Drupal, Joomla
New custom websites
Bespoke themes and extensions
Redesigns, upgrades, migrations

Web Design & Development


Optimization & SEO

Let us optimize and manage your overall online presence. We offer full service monthly SEO as well as one-time projects.  

Optimization Plans & Pricing


Maintenance, Patching

White glove monthly backups, security updates, maintenance and testing for your Wordpress, Drupal, or Joomla site.

Maintenance Plans & Pricing


Email Newsletter

Bring your web & marketing performance to the next level: monthly blog post roundup via email.  

Stay in Touch!