Yahoo hosted websites hacked through phishing emails

 Cyber criminals are using series of phishing attacks aimed at stealing content management system log-in credentials from the customers of website hosting companies, including yahoo.com. The cyber crooks deploy cPanel-oriented messaging to collect FTP credentials of site owners according to the reports of Trusteer, the customer protection company for online businesses.

cPanel is a very popular CMS (Content Management System), used by many leading hosting providers, including Yahoo. It is used to perform website operations, including FTP account control and setup, which can be used to upload content to the cPanel-managed web site. Over the past few days, Trusteer’s security monitoring service has detected a phishing email campaign targeting owners of cPanel-based sites at various hosting providers. The messages ask website owners to confirm their cPanel/FTP account information. Using this information, criminals are uploading look-a-like bank website pages to steal funds.

“The ability to upload arbitrary content into relatively small and less popular sites may seem un-interesting fraud-wise,” said Amit Klein CTO of Trusteer and head of the company’s research organization. “However, evidence we have collected over the past few months connects cPanel-driven sites to online banking fraud. By stealing cPanel login credentials, criminals do not need to use hacking tools to upload content to a website, and therefore can avoid detection until after they have siphoned funds from consumer and business banking accounts.”