Quantcast
Phishing Mail Alert: Account Notice : Error № 9747 - Bluehost. | Mobile phone latest news Google+ Follow Smartfonefreaks on Twitter



This is a recent phishing mail targeted at Bluehost customers and i'm writing to alert everyone about it so you don't fall prey of this hack. Please also note that this Phishing Mails have also made its way on Godaddy customers (Try googling it).

Anyways about two days ago i got the following mail which looked like a mail from my hosting provider Bluehost, upon reading it, i clicked on the link provided and to my great disappointment the link showed a forbidden error message (which on a norms Bluehost will never give a link that hasn't been tested)


Since i host a lot of files on my server and i don't want any deactivation i contacted Bluehost customer care and explained to them about the mail i just received and i was immediately told the mail did not initiate from Bluehost and that it was a Phishing Mail.


What is Phishing Mail ?



  1. Phishing email will direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers, that the legitimate organization already has.

But in this case the hacker wants to get the login details to your Cpanel where they can now upload their malicious script to do the dirty work they've been craving for.

In words the email reads...


Dear Valued Bluehost Customer XXXXXXXX XXXXXX. (THIS HAPPENS TO BE MY REAL NAME THAT I USED TO REGISTER MY ACCOUNT ON BLUEHOST for Confidential reasons i have replaced it with X)  

Your account contains more than 6066 directories and may pose a potential performance risk to the server.Please reduce the number of directories for your account to prevent possible account deactivation. 
In order to prevent your account from being locked out we recommend that you create special tmp directory. 
Or use the link below: https://alert.bluehost.com/accounts.aspx?ids=2be5f9c2e3620eb73c2972d7552b6cb5 
Thank you,
Bluehost
Toll Free: (888) 401-4678
Outside US: 1 (801) 765-9400


Now the link has been hypertext that you won't know that the actual link in the mail redirects to this >>>>>

http://gofrotruba.ru/css/eyoihnssma.htm?eyoihnssma=2be5f9c2e3620eb73c2972d7552b6cb5


It's a FREAKING russian hacker! 


WARNING: DO NOT CLICK THE LINK AND IF YOU ACCIDENTALLY DID, CHANGE YOUR BLUEHOST PASSWORD ASAP!


The strange thing about this mail was that it addresses you by your name which would make you not think twice about verifying the mail. So to be security wise, i changed my Email password, Bluehost Password and Even my CMS(WORDPRESS, MAGENTO, JOOMLA ETC) sites password just incase things try to go messy.


In addition i think Bluehost needs to change the way they send mails, coz their mails tend to look like more of text, less images and this gives any hacker or cloners to clone their emails like they just did for this one.



Another way to verify a link in any mail is to RIGHT-CLICK on the link and Copy the Link, then paste it in a new tab, if the link corresponds with the one in the mail, then you're good to go and if it doesn't! BE VERY CAREFUL!


Hope this was helpful.

Post a Comment

Tell us what's on your mind here.

Powered by Blogger.