Fake WordPress / cPanel / web hosting account suspended phishing — impersonates Bluehost, GoDaddy, HostGator, Namecheap, SiteGround, or Hostinger claiming the site is suspended for policy violation, malware, or overdue payment and driving to a credential-harvest page; FTC + CISA: web hosting impersonation grew 78% in 2024; 40%+ of the web runs on WordPress, giving attackers a massive target pool of site owners who panic about losing their online presence

Phishing emails impersonating Bluehost, GoDaddy, HostGator, Namecheap, SiteGround, Hostinger, or a generic "Web Hosting" provider claiming the recipient's hosting account has been suspended, their website contains malware, or payment is overdue — driving to a credential-harvest page capturing cPanel, WordPress admin, or billing credentials. Key facts: (1) FTC + CISA 2024: web hosting account impersonation phishing grew 78% year-over-year as small businesses and content creators increasingly depend on their websites for income — the threat of losing a website triggers immediate, uncritical action; WordPress alone powers 40%+ of all websites globally, making it the single largest attack surface in web hosting phishing; (2) The "malware detected" variant is particularly effective because it adds a layer of apparent legitimacy: hosting providers do legitimately send malware suspension notices, so recipients are primed to expect them and respond quickly — a successful phish captures both cPanel/WordPress credentials and billing card details; (3) cPanel credential takeover is extremely high-value because cPanel controls the entire web server: the attacker can host additional phishing pages on the victim's domain (increasing credibility of downstream phishing campaigns), exfiltrate all website files and databases (including customer data stored in WordPress/WooCommerce), send spam from the victim's domain (destroying sender reputation), and access all email accounts hosted on the domain; (4) The "account will be permanently terminated unless you verify within 24 hours" time pressure bypasses careful sender-domain verification — especially for business owners who depend on their website for e-commerce sales or client communications. Warning signs: sender domain not bluehost.com, godaddy.com, namecheap.com, siteground.com, or the official domain of any known hosting provider; urgency about account termination or malware within a tight deadline; link to a non-official cPanel or billing portal; no reference to specific domain name, hosting plan, or account details.