Fake / Spoofed cPanel TSR Announcements

KH-Derrick B.

Support Manager
Staff member
We've seen a few instances of FAKE cPanel TSR [security] announcements being received -- here's an example on Reddit, followed by a post from cPanelPhil:
Code:
--
https://old.reddit.com/r/cpanel/comments/hhjbd8/spoof_mail/
--
cPanelPhil[M] [score hidden] 14 hours ago* stickied comment 

I can confirm that this is not a legitimate email, because I personally send the TSR announcements myself. TSR-2020-0003 was sent May 19th this year, not whenever this email was dated. This is a phishing attempt.
Edit: additionally, the sending domain “cpanel-security.net” is not resolving, nor is it us. TSR email announcements will come from list@cpanel.net, I believe.
--
These faked TSR emails look very similar to legitimate TSR emails sent by cPanel -- and these fake announcements appear to include a link that may be used to hijack a WHM login. Don't click the 'Update your cPanel & WHM installations' link, and trash this email like you would with any other spam/phish email.

cPanel does NOT include links to update cP/WHM from within an email, will include a link to a PGP-signed message, and will come from list[at]cpanel.net. cPanel also makes these TSR announcements available on their forum, through an Atom/RSS feed, and of course their site (in addition to their mailing list).
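
The checks described in this post, written as a mail-triage script. This is an added example, not code from the post or from cPanel; the function names, the sample messages and the `Authentication-Results` check (which assumes your own receiving MX stamps that header) are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

EXPECTED_SENDER = "list@cpanel.net"   # sender named in the post
TRUSTED_DOMAIN = "cpanel.net"
LURE = re.compile(r"update your cpanel\s*(&|&amp;)\s*whm", re.I)  # link text quoted in the post

def host_is_trusted(host):
    """Exact domain or a true subdomain; rejects lookalikes such as cpanel-security.net."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

def body_text(msg):
    """Concatenate every text part of the message, decoded to str."""
    parts = [p for p in msg.walk() if p.get_content_maintype() == "text"]
    return "\n".join(p.get_payload(decode=True).decode(
        p.get_content_charset() or "utf-8", "replace") for p in parts)

def check_tsr_mail(raw):
    """Return the reasons a message fails the checks; an empty list means none failed."""
    msg = message_from_string(raw)
    findings = []
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender != EXPECTED_SENDER:
        findings.append(f"sender {sender!r} is not {EXPECTED_SENDER}")
    # From is forgeable: assumes your own MX stamps Authentication-Results (RFC 8601)
    if "dmarc=pass" not in msg.get("Authentication-Results", "").lower():
        findings.append("no dmarc=pass recorded for the message")
    text = body_text(msg)
    for url in re.findall(r"https?://[^\s\"'<>]+", text):
        host = urlparse(url).hostname
        if not host_is_trusted(host):
            findings.append(f"link points outside {TRUSTED_DOMAIN}: {host}")
    if LURE.search(text):
        findings.append("contains an 'update your installation' link lure")
    return findings

# Constructed sample messages (not real mail); hosts under .example are placeholders
FAKE = """From: cPanel Security <alerts@cpanel-security.net>

Update your cPanel & WHM installations: http://whm-login.example/update
"""
GENUINE_LIKE = """From: list@cpanel.net
Authentication-Results: mx.example.org; dmarc=pass header.from=cpanel.net

Signed announcement: https://cpanel.net/constructed-path
"""
```

An empty result only means none of these checks failed; confirming the announcement against the PGP-signed message, the forum or the Atom/RSS feed remains the authoritative step.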