Question
A phishing email may be sent from an unrelated 3rd party posing as a reputable business to compromise the security of the account in question. This article covers how you can distinguish between legitimate emails from cPanel and spoofed emails only claiming to be from cPanel.
Answer
If the email looks suspicious, it more than likely did not come from cPanel. That said, this can be checked via the email headers. The article below covers how to locate the headers for the email.
From the email headers, you will be able to see which server sent the email. We are using Outlook for mail, so the email should come from one of the Outlook servers. An example of this is shown below.
Received: from NAM10-MW2-obe.outbound.protection.outlook.com (mail-mw2nam10on2091.outbound.protection.outlook.com. [192.0.2.0])
Additionally, you will want to check that DKIM and SPF passed. Valid records should look something like the following:
dkim=pass header.i=@cpanel.net header.s=selector1 header.b=fI5f9kNG; arc=pass (i=1 spf=pass spfdomain=cpanel.net dkim=pass dkdomain=cpanel.net dmarc=pass fromdomain=cpanel.net); spf=pass (domain.tld: domain of account@cpanel.net designates 192.0.2.0 as permitted sender) smtp.mailfrom=account@cpanel.net;
If you have any doubt about whether an email claiming to be from cPanel is legitimate, please do not click on any links or open any attachments contained within the said email, as these may prove to be malicious.
If the email is known to be fraudulent and you would like to report it, you can report the offenders by forwarding the email to reportphishing@apwg.org or visiting https://apwg.org/reportphishing/. The APWG (Anti-Phishing Working Group) is the global industry, law enforcement, and government coalition focused on unifying the global response to electronic crime.