A small scam I found
May. 23rd, 2024 10:18 pm
Most email scams are pretty boring, but this one was creative in its execution from what I've seen.
These links below are not harmless. Don't go getting your creds stolen.
I got an email from noreply@[[redacted]], saying to log in to my cPanel account for "urgent messages".
Being that I don't use cPanel, I clicked on the link, assuming this would be entertaining. I did not expect to get sent to an IPFS proxy URL, and yet there I was. This "login page" is kinda neat! It stores an email in the URL fragment and then puts an iframe in the background to display the person getting scammed's website. Anyways, this just submits the credentials to https://encon-co.in/fireb/general/_apr/pb3/index2pb3.php. I assume encon-co.in is the actual attacker's server.
Anyways, I think it's neat that the strategy is essentially "spread through cPanel installs to gain a pool of usable emails." The IPFS obfuscation is also kinda fun.
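For mail triage, the two traits described above (a link served through an IPFS gateway, with the recipient's email address carried in the URL fragment) can be checked on links extracted from a message. The following is an added example, not code from this post or from the phishing kit; the gateway host, CID and address are constructed samples, and the base64 check goes beyond what the post describes.

```python
import base64
import binascii
import re
from urllib.parse import unquote, urlsplit

# CIDv0 is base58btc ("Qm" + 44 chars); CIDv1 in base32 starts with "b".
CID_V1 = r"b[a-z2-7]{58,}"
CID = rf"(?:Qm[1-9A-HJ-NP-Za-km-z]{{44}}|{CID_V1})"
PATH_GATEWAY = re.compile(rf"^/ipfs/{CID}(?:/|$)")
# Hostnames are case-insensitive, so subdomain gateways only carry CIDv1.
SUBDOMAIN_GATEWAY = re.compile(rf"^{CID_V1}\.ipfs\.")
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample values, not taken from the scam described above.
SAMPLE_CID = "bafy" + "a" * 55
SAMPLE_URL = f"https://gateway.example/ipfs/{SAMPLE_CID}/#user@victim.example"


def email_in_fragment(fragment):
    """Return an email address carried in the fragment (plain or base64), else None."""
    text = unquote(fragment)
    match = EMAIL.search(text)
    if match:
        return match.group(0)
    try:
        padded = text + "=" * (-len(text) % 4)
        decoded = base64.b64decode(padded, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None
    match = EMAIL.fullmatch(decoded)
    return match.group(0) if match else None


def triage(url, recipient=None):
    """Return the indicators that a link found in a received email matches."""
    parts = urlsplit(url)
    findings = []
    if PATH_GATEWAY.match(parts.path) or SUBDOMAIN_GATEWAY.match(parts.hostname or ""):
        findings.append("ipfs-gateway")
    address = email_in_fragment(parts.fragment)
    if address:
        findings.append("email-in-fragment")
        if recipient and address.lower() == recipient.lower():
            findings.append("fragment-matches-recipient")
    return findings


if __name__ == "__main__":
    print(triage(SAMPLE_URL, recipient="user@victim.example"))
```

A link that matches all three indicators is worth quarantining even when the gateway domain itself has a clean reputation, since the gateway only relays the content.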
I've let the affected company know about the security breach, and contacted the registrar of encon-co.in and Cloudflare, in the hopes of stopping the scam dead in its tracks.
Cya next time!