Aleteoryx ([personal profile] aleteoryx) wrote 2024-05-23 10:18 pm

A small scam I found

Most email scams are pretty boring, but this one was creative in its execution from what I've seen.

These links below are not harmless. Don't go getting your creds stolen.

I got an email from noreply@[[redacted]], saying to log in to my cPanel account for "urgent messages".

The email

Being that I don't use cPanel, I clicked on the link, assuming this would be entertaining. I did not expect to get sent to an IPFS proxy URL, and yet there I was. This "login page" is kinda neat! It stores an email in the URL fragment and then puts an iframe in the background to display the person getting scammed's website. Anyways, this just submits the credentials to https://encon-co.in/fireb/general/_apr/pb3/index2pb3.php. I assume encon-co.in is the actual attacker's server.

Anyways, I think it's neat that the strategy is essentially "spread through cPanel installs to gain a pool of usable emails." The IPFS obfuscation is also kinda fun.
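For anyone triaging mail, here is a link check built on the two traits described above, an IPFS gateway URL with the recipient's email in the fragment. It is an added example, not part of the original post or the scam page's code; the gateway host, CIDs and address in the samples are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, unquote

# CIDv0 ("Qm" + 44 base58 chars) or CIDv1 in base32 ("baf" + lowercase base32).
CID = r"(?:Qm[1-9A-HJ-NP-Za-km-z]{44}|baf[a-z2-7]{50,})"
PATH_GATEWAY = re.compile(rf"^/ipfs/{CID}(?:/|$)")                   # host/ipfs/<cid>/...
SUBDOMAIN_GATEWAY = re.compile(rf"^{CID}\.ipfs\.", re.IGNORECASE)    # <cid>.ipfs.host
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def triage_link(url: str) -> dict:
    """Return the indicators found in one link taken from an email."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    via_ipfs = bool(PATH_GATEWAY.match(parts.path) or SUBDOMAIN_GATEWAY.match(host))
    # The fragment never reaches the server, so it only shows up in the raw link.
    match = EMAIL.search(unquote(parts.fragment))
    email = match.group(0) if match else None
    return {
        "host": host,
        "ipfs_gateway": via_ipfs,
        "fragment_email": email,
        # Both traits together match the page described in this post.
        "suspicious": via_ipfs and email is not None,
    }


# Constructed sample data: placeholder CIDs and hosts, not real indicators.
FAKE_CID_V0 = "Qm" + "X" * 44
FAKE_CID_V1 = "bafy" + "a" * 55
SAMPLES = [
    f"https://gateway.example/ipfs/{FAKE_CID_V0}/index.html#victim@example.com",
    f"https://{FAKE_CID_V1}.ipfs.gateway.example/#victim%40example.com",
    "https://mail.example.com/login#inbox",
    f"https://gateway.example/ipfs/{FAKE_CID_V0}/readme.txt",
]

if __name__ == "__main__":
    for link in SAMPLES:
        result = triage_link(link)
        print(result["suspicious"], result["host"], result["fragment_email"])
```

An IPFS link alone is not flagged, since plenty of legitimate content is served through gateways; the email in the fragment is what ties the link to a specific recipient.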

I've let the affected company know about the security breach, and contacted the registrar of encon-co.in and Cloudflare, in the hopes of stopping the scam dead in its tracks.

Cya next time!