cPanel email scam. How to avoid the website losing?

Written by Robert Bailey

The cPanel email virus is a common callsign for the malevolent email spam you can get in your mail client. These messages contain fake statements about your website hosted on the cPanel service. In this email message, you are said that your website was suspended, or that the privacy policy was updated. As the letter states, more information is available by the hyperlink at the bottom of the letter. This hyperlink will lead you to the phishing website. You will read the full explanation of this fraudulent scheme, as well as the possible risks associated with it in this post.

GridinSoft Anti-Malware Review
It is better to prevent, than repair and repent!
Removing email scam manually may take hours and may damage your PC in the process. I recommend you to download GridinSoft Anti-Malware for threats removal. Allows to complete scan and cure your PC during the trial period.
Gridinsoft Anti-Malware 6-day trial available.
EULA | Privacy Policy | 10% Off Coupon
Subscribe to our Telegram channel to be the first to know about news and our exclusive materials on information security.

What is the cPanel email scam?

The name that was assigned to this scam by alarmed users does not mean that someone from cPanel really tells you about the policy updates, blockages, or other things. The scammers who perform phishing in such a method just choose this name to lull the vigilance. Name of the cPanel is a recognizable thing, since this website hosting is considered trustworthy. And when the victim receives this email, he/she will not even think that this is a phishing1. The possibility that a user will follow the link attached to this message is very high.

cPanel email scam

The hysteria element is increased by the contents of the cPanel email virus email: it states that your website, hosted on the cPanel, is suspended. The reasons, as the message says, together with the possible solutions for site unblockage, can be checked on the page by the link below. The text can vary depending on the decision of scammers. Everything looks real, so the sufferer will likely open the attached document. The phishing site offers you to log into your cPanel account. Fraudsters will get control of your website, and can easily use it to spread viruses.

Malicious email text:

Subject: Updates to the cPanel Services Agreement

%username%. We’re updating our privacy policy and other documents based on GDPR standards


Updating our privacy policy

You’re receiving this email because we are updating the cPanel Services Agreement, which applies to one or more cPanel or services you use. We’re making these updates to clarify our terms and ensure that they remain transparent for you, as well as to cover new cPanel products, services and features.

You can also learn more about these updates on our FAQ page including a summary of the most notable changes.
If you wish to continue to use our products and services we recommend that you find the attachment file that is attached to this email to automatically update to our privacy policy to avoid service interruption, or your %account_number% account being closed.

If you do not agree, you can choose to discontinue using the products and services, and close your cPanel account %account_number% before these terms become effective.

Thank you for using cPanel products and services

How dangerous the cPanel email virus is?

Regardless of the stimulus the user opened the link/file, the victim’s account in cPanel will be hijacked. The consequences of that situation may be awful – fraudsters will not care about the site ranking and content creating. The fact of malicious link posting and malware spreading will surely lead to the ban in the majority of search engines. And malware distributors do nothing but malicious email spam – users give the credentials themselves. No difficult methods, like exploit kit usage – users will do everything themselves.

Here is a short description of cPanel email virus:
NamecPanel email virus
TypeEmail spam
Hazard typePhishing website
Malware sourceMalicious link in the email
DisguiseNotifications from cPanel hosting
Protection methods
To remove possible virus infections, try to scan your PC

This scheme is used to spread spyware, banking trojans and keyloggers. All of them are targeted on your personal data, the most often – on the crucial logins and passwords. The second possible virus may be the most harmful one if you use online banking. It is aimed on gathering the logging keys on the websites of the banks or investment funds, so it can easily hijack your login/password. So, the fraudsters will be free to do whatever they wish with your funds2. At the same time, spyware may miss your banking logging keys, but will surely dig out all possible data about you and your computer. List of the installed apps, often-used apps, anti-malware software onboard, logins and passwords for the social networks – this and a lot of other info will be theft and sent to the command server.

Can I avoid this scam?

The things are not so pessimistic for the cPanel email virus. It is possible to differentiate the counterfeited email. First, you need to remember if you have a cPanel email account. It may be very comical to spectate such spam in case when you don’t have one. However, some users may click the attached file/link just because of the simple inquisitiveness. People can do inadequate acts, and this is just such a case. Another element that can help you to see that somebody tries to scam you is the sender’s email address. Official cPanel email address has a specific domain name, and the fraudsters will definitely not be able to get an email address in this domain. Instead, they will likely register an email address like “” or even “”. It is quite easy to find the difference between the first one from the second and third, isn’t it?

 cPanel email email scam

The example of dubious email address on another online spamming campaign

The final defence level is an security tool. A lot of users have their email conversations in the separated app, called mail client. Some of these clients download the attached document at the moment when you open the message. In this case, you must have an security tool that has a function of on-run protection. Last option makes it possible to stop the virus launching when the situation is similar to one I have described in this paragraph. Same situation is with attached links: to inform you that these links are malicious, the antivirus tool must have an internet protection ability. All of these functions are available in GridinSoft Anti-Malware, and I will recommend you to use it to protect your computer from cPanel email virus and similar hazards.

What can I do if I have clicked on the link/file in the spam message?

Don’t panic. The spyware activity is not a doom. Of course, the important information you have on your personal computer is definitely in danger, but the logins and passwords can easily be changed. First of all, you need to remove the viruses you have got through the cPanel email virus. I can offer you to make use of GridinSoft Anti-Malware to perform this step.

Removing the viruses with GridinSoft Anti-Malware

  • Download and install GridinSoft Anti-Malware. After the installation, you will be offered to perform the Standard Scan. Approve this action.
  • Gridinsoft Anti-Malware during the scan process

  • Standard scan checks the logical disk where the system files are stored, together with the files of programs you have already installed. The scan lasts up to 6 minutes.
  • GridinSoft Anti-Malware scan results

  • When the scan is over, you may choose the action for each detected virus. For all files of the viruses distributed through the described phishing the default option is “Delete”. Press “Apply” to finish the malware removal.
  • GridinSoft Anti-Malware - After Cleaning

Now, when the virus is removed, you need to remember which logins and passwords you inputted after clicking the spam message. Malware is not omnipotent, and is not able to steal the logins and passwords which were not in use. So, keep calm and change the login details that are about to be compromised.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)


  1. About phishing methods and ways of counteraction.
  2. Detailed description of the banking trojans on Investopedia

About the author

Robert Bailey

I'm Robert Bailey, a passionate Security Engineer with a deep fascination for all things related to malware, reverse engineering, and white hat ethical hacking.

As a white hat hacker, I firmly believe in the power of ethical hacking to bolster security measures. By identifying vulnerabilities and providing solutions, I contribute to the proactive defense of digital infrastructures.

Leave a Reply