Trusteer issued a security advisory warning customers of managed hosting companies including Yahoo.com of a new phishing attach that is aimed at stealing log-in credentials for their content management systems. The customer protection company serves online businesses and discovered emails that appear to come from Yahoo.com and other website hosting companies. The said messages ask site owners to confirm their account information for cPanel/FTP. With this information, the hackers uplook look-a-like bank websites in order to steal funds.
cPanel is a Content Management System that is widely used by well-known hosting providers such as Yahoo. The system is designed for website operations such as FTP account setup and control. This is then used to upload content into a website managed by cPanel. Trusteer’s security monitoring service detect phishing email campaigns over the past few days that are targeting owners of sites that are cPanel based. The attack is conducted to harvest FTP credentials through the cPanel-oriented messaging system.
According to Amit Klein, CTO of Trusteer and head of the research organization, fraud-wise, the ability to upload arbitrary content into smaller and less popular sites may not sound so interesting. But evidence that the company collected over the past months suggest that online banking fraud is somehow linked to cPanel driven websites. There’s no need to use hacking tools after getting hold of cPanel login credentials. They can upload content to websites and avoid detection without having to use state-of-the-art hacking techniques. In this way, they can easily siphon off funds from consumers and corporate banking accounts without being suspected of illegal activity.