Tips & Tricks

How to Spot Phishing Attempts

We all know that there exists bad people on the Internet that want to steal our personal information for whatever nefarious reason they may have, right? Sometimes they want our bank account login, which makes sense, but other times they want something that maybe makes less sense, like a Facebook login. No matter what the reasons are that motivate these people, any attempt they make to effectively trick you into providing the information they are after is called “phishing.”

Phishing comes in many forms, we’re going to discuss the most popular ones and also give you the knowledge necessary to identify and protect yourself from these attempts; online and in real life.

What Exactly is Phishing?

Phishing is, in practice, the attempt to trick someone into providing their personal data (be it account credentials, credit card numbers, or other sensitive information) by fraudulently presenting yourself as a trustworthy institution or individual who needs the information for legitimate purposes.

A simple example of phishing would work like this:

  1. I receive an email that has my bank’s logo at the top of the email and it says that my password has been disabled due to multiple failed login attempts. It says that my account security is very important to them and I need to now restore access to my account by clicking on the link below.
  2. I click on the link and it takes me to a website that looks exactly like my bank, and so I go ahead and put in my username and password. But then it doesn’t log me in, instead it might display some kind of error, but at this point it really doesn’t matter, because…
  3. I have now provided my bank account credentials to a phisher, they can instantly log into my bank account, change the password to lock me out, and transfer away my life’s savings.

Here’s an actual phishing email we recently received attempting to do exactly what’s described above:

Example of a phishing email.

In a nutshell, that’s how phishing works. Though these scams have become more elaborate over time, including being attempted via text message and telephone: “Hello, this is your bank calling. We need to discuss an important issue with you about your account, but first we need to verify your identity. Please provide your username and password…”, the general purpose and execution of these scams remains basically the same. 

How to Protect Yourself From Phishing

As you can see, phishers have multiple ways to attempt to trick you, but there are some fundamental things to keep in mind that will protect you and prevent any phisher from being able to take advantage. 

  • Always consider the source. That email from “your bank” that asks for your account credentials is most likely from some email address completely unrelated to your, or any, bank. For example, here’s a closer look at that email we showed you earlier, note that the sending email is simply a random email address:
Example of a phishing email header
  • And again, always consider the source. If “your bank” calls you and asks for any sensitive information, consider that a phishing call. But if you call your bank, then in that instance you are the source and you would be able to consider providing account-specific information related to the reason that you made the call. 
  • Never click on any links contained in suspicious-looking emails. Sometimes these links can contain executable files that would compromise whatever device you were using when you clicked. 
  • Exercise good judgement. If something looks a little bit off, then it’s probably a phishing attempt. This can include misspelled words, bad grammar, or unusual phrases contained in emails from “legitimate” businesses.

When in doubt, the best bet is often to just reach out to the actual alleged sender; call your bank and ask if they sent you that email. As always, it’s better to be safe than sorry.

If you happen to ever spot a phishing email that claims to be from cPanel or sends you to a cPanel login page, please forward that email to cs@cpanel.net with the full email headers so we can properly investigate that phishing attempt.

And for more information about phishing, visit https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams

If you have any feedback or comments, please let us know. We are here to help in the best ways we can. You’ll find us on Discord, the cPanel forums, and Reddit.

cPanel, WebHost Manager and WHM are registered trademarks of cPanel, L.L.C. for providing its computer software that facilitates the management and configuration of Internet web servers.