Disk Quota Notification Trick

One of the frustrating ways that hackers will try to get access to your website is through official looking notifications that alert you to an issue with your bandwidth or disk space for your hosting account. They hope to get you to click a link in the email to either inadvertently download malware, or log in to a fake version of your account so that they can capture your login information. Here is an example of one recent notice a client of ours received (domain redacted for privacy)...


One of the first giveaways is the "from" email address... while name and email are easily spoofed, fake notices often have information that doesn't make sense. In this case, the domain "cu-planningpro.com" which has nothing to do with cpanel or the person's own domain. (It's best not to try going to those addresses in your browser, as that can also lead to accidentally downloading malware.)

The next red flag is the instructions... if you have a web hosting account that has a limit on space, you wouldn't both get a notice about reaching a limit and a link to extend that limit for free. Notice in how they word it that they try to make you scared you'll run out of room and lose files and/or emails, and then entice you with a "free" extension. This is the classic stick and carrot to try to get you to take the action they want. In this case, they want you to click one of the links.

They set a second backup lure with the final link, suggesting you can just disable notices - this is for anyone who doesn't care about having run out of space and just doesn't want to be bothered. Both links are connected to destinations that are NOT what you see visibly on the screen.

For comparison, here's an example of a legitimate notice similar to the one above (this one is sent when an account is approaching it's limit)...


If you're viewing your email in a web-based tool like Gmail, you can hover over a link without clicking it, to see where that link would take you. In a case like the fake notice above, it's then easy to see that the link is not going where it says it's going.

One of the best things you can do is just check with your service provider to see what your account status is and whether any action is needed on your part. Also, if there's an issue with either your space or bandwidth on your hosting account, you'll likely know that as it would affect some aspect of your website or email.

Always be distrustful of unexpected emails.


Later in the same day I received the following email (which was correctly routed to my spam folder)...


This is another example of phishing that attempts to use common services to trick you into clicking a button and going to a link that will likely leave you with malware on your computer. This notification uses similar colors and fonts to the software that many people's webmail runs on... but contains many clues to it's fakeness. The biggest one being the message that they have updated their security servers (which doesn't mean anything) but then asking you to click a button to update your webmail yourself. No legitimate service would ask you to "update your webmail" without providing much more detailed information.

Share, email, or print this post...


Posted on by Nathan Lyle in Security, Spam Hall of Shame and tagged , , , , , , , , , . Bookmark the permalink.

About Nathan Lyle

Nathan is a father of four, an amateur musician, and an aspiring photographer. He started programming in 4th grade on an Apple II+ and many years later spent much of his college years freelancing website design for college departments. Nathan is a veteran of the Browser Wars, and will gladly talk at length about the changes he has seen in Web technology if you accidentally ask him.

Leave a comment

Your email address will not be published. Required fields are marked *