Hostgator Account Phishing Emails » Blog: Security, FAQs & Blog - inlineVision: Web Development / E-Commerce / PPC | Las Vegas, NV | High-Performance Websites & E-Commerce Solutions

Hostgator Account Phishing Emails

Mar 6th, 2020

I used to write quite a bit about scams and phishing attempts, but since they have become so prevalent I haven’t touched on the subject in a while.

I am so used to receiving multiple “account alerts” from “banks” and other sources on a daily basis, and so accustomed to the usually particularly bad language they all have in common, that I really do not pay attention to them anymore.
And while I might receive up to 100 on any given day, it takes me maybe one minute per day to delete them.

I’ve simply succumbed to accepting those messages as the nuisance they are and don’t think about them – unless I stumble across something new (= new to me) or something exceptionally bad.

Hostgator Account Restriction Emails

The other day I received these emails in my Inbox(es):

Hostgator Emails No Sender

They came to all of our inboxes, including accounts we manage for clients.

And this is what the inside looked like:
Hostgator fake email

We manage a bunch of client accounts across various hosting platforms, and over the years I’ve received my fair share of emails from Hostgator. Needless to say, none of them ever lacked a “Sender” or had such a garbled subject line, not to mention the design and language of the actual email.

To say it was a lame attempt at phishing would be already giving them too much credit; but sometimes I have to remind myself that not everybody looks at these things the way I do — and there it was, the same message, forwarded to us by a semi-frantic client.

The good thing about this client forwarding us the message, of course, was that he didn’t take any action himself: he didn’t click a link or, worse, try to enter legitimate account information into the fake website behind the link. We try hard to train our clients to never engage with emails regarding any digital asset they’ve entrusted us with managing for them, but instead to immediately forward them to us.

Naturally the link inside the email that seems to go to HostGator doesn’t – simply hovering over it reveals its real destination:

HostGator fake email phishing link

And looking at the email header tells us which systems they used to send the messages:
Of course we’re not alleging the owners of the account behind the domain names, IP addresses or the data centers are complicit in this – most likely it’s only a compromised account on their server(s).

Hostgator fake phishing email header

Hostgator fake phishing email header

Hostgator fake phishing email header

Although they seem to have a few different compromised systems to send their emails, and were sending them to all kinds of different recipients, there was no unique identifier in their target link.
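The manual checks described above (no sender, a link whose visible text differs from its real destination, and the Received headers that name the sending systems) can be run over a forwarded message automatically. The following is an added example, not part of the original post; the sample message, all hosts and addresses in it, and the names `LinkCollector` and `analyze` are constructed, and it assumes the link's visible text contains a hostname.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: no From header; hosts and IPs are documentation placeholders.
SAMPLE = """\
Received: from mail.sender.example (mail.sender.example [203.0.113.7])
\tby mx.recipient.example with ESMTP; Thu, 5 Mar 2020 10:00:00 +0000
Received: from localhost (unknown [198.51.100.23])
\tby mail.sender.example with ESMTP; Thu, 5 Mar 2020 09:59:58 +0000
Content-Type: text/html; charset="utf-8"

<a href="http://login.lookalike.example/hg/">https://www.hostgator.com/</a>
"""
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def analyze(raw):
    """Return (findings, relay IPs from Received headers, newest hop first)."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = [] if (msg["From"] or "").strip() else ["missing or empty From header"]
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href, text in collector.links:
        shown = HOST_RE.search(text.lower())  # hostname the reader sees
        actual = (urlparse(href).hostname or "").lower()  # where the click goes
        if shown and actual != shown[1] and not actual.endswith("." + shown[1]):
            findings.append(f"link text shows {shown[1]} but href goes to {actual}")
    relays = [ip for h in msg.get_all("Received", []) for ip in IP_RE.findall(str(h))]
    return findings, relays
```

Only the topmost Received header is written by the recipient's own mail server; lower hops are supplied by the sending side and can be forged.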

This morning, Google already recognizes the website as deceptive, as evidenced here:

Google Chrome deceptive site

The fake landing page is also not the best fake site I’ve seen: none of the links at the bottom work. The only thing they need to work is the “login form”, which captures any and all data someone types in and hands that data over to a PHP script before switching to a “Confirmation” page, which then, after 3 seconds, redirects the user to Hostgator’s actual homepage.

Fake Hostgator login page

Fake Hostgator confirmation page

Fake Hostgator script capture

Fake Hostgator redirect

Summary

While definitely not an A+ phishing attempt, I’d simply like to remind everybody that accounts hardly ever get compromised via an outside attack, but via users blindly clicking on anything.
This is even potentially how they got access to the servers they now use to send more of these emails to more unsuspecting users.
