"Cloudflare Helpdesk New Ticket" Phishing Scam at Cloudhelpdesk Website

Cloudflare Helpdesk New Ticket Phishing Scam at Cloudhelpdesk Website

Cloudflare users, if you have received emails like the one below, which claim you have a new ticket from CloudHelpDesk and are asked to click on a link to view the ticket, please DO NOT. This is because the emails are fakes and the links in them go to a fake Cloudflare Helpdesk website (see below) that steals account credentials (usernames and passwords).

A Sample of the "Cloudflare Cloudhelpdesk New Ticket" Phishing Scam

Subject: [Cloudflare]: New Ticket # 5068: onlinethreatalerts.com

Date: Wed 20/09/2017 10:41

From: CF Helpdesk


You have a new ticket from Cloudflare.



Cloudflare Trust & Safety

The link in the fake emails goes to the fake Cloudflare website at hxxps://cloudhelpdesk.website, which is owned by cybercriminals. What the cybercriminals have done is to create a copy of Cloudflare's legitimate website (www.cloudflare.com) at hxxps://cloudhelpdesk.website to trick their potential victims into believing the fake website is legitimate.

The cybercriminals then send out fake Helpdesk emails like the sample above with a link to the fake website. If potential victims visit the fake website thinking it is the legitimate Cloudflare website and attempt to sign-in, their usernames and passwords will be sent to the cybercriminals behind the scam.

Once the cybercriminals have gotten the stolen usernames and passwords, they will use it to gain access to their potential victims' Cloudflare accounts, hijack and use the accounts fraudulently.

Cloudflare users who have already been tricked by the phishing scam are asked to change their passwords immediately. If they are unable to, they should contact Cloudflare for help immediately. Only use the contact information on Cloudflare's website at www.cloudflare.com, and never give out your password to anyone, not even a technical support representative.

Also, Cloudflare offers Two-Factor Authentication and encourages all users to take advantage of the feature for account security. This feature is another layer of security that prevents cybercriminals from gaining access to your account even if they have stolen your username and password. Click here to learn how to enable Two-Factor Authentication on your account.

Check the comment section below for additional information, share what you know, or ask a question about this article by leaving a comment below. And, to quickly find answers to your questions, use our search Search engine.

Note: Some of the information in samples on this website may have been impersonated or spoofed.
Was this article helpful?  +
Share this with others:

Comments, Questions, Answers, or Reviews

Comments (Total: 3)

To protect your privacy, please remove sensitive or identifiable information from your comments, questions, or reviews. We will use your IP address to display your approximate location to other users when you make a post. That location is not enough to find you.

Your post will be set as anonymous because you are not signed in. An anonymous post cannot be edited or deleted, therefore, review it carefully before posting. Sign-in.

The comments, reviews or answers below do not necessarily reflect the views of Online Threat Alerts (OTA).

  • May 31, 2018 at 10:15 AM by an anonymous user from: Bartlesville, Oklahoma, United States

    I received the following email today...I'm sure it's a scam...have you seen this one?

    "Your Receipt for Your Payment Transfer to Hans Peter

    Thu, May 31, 2018 4:04 am

    hans peter (hanspeter@luethi-clan.ch)

    To:you Details

    May 31, 2018 09:00:11 PDT

    Transaction ID: NT00326658510236E

    Hello vpellizzi@verizon.net,

    You sent payment of 620.00 USD to Hans Peter

    Thanks for using our service. To see all the transaction details, log in to your account.

    It may take a few moments for this transaction to appear in your account.

    Your transaction is being reviewed because our system has detected that you are using a new unknown device!

    Issues with this transaction?

    Cancel and Report >


    Hans.peet22 Note to seller

    You haven't included a note.

    Shipping address - confirmed

    Hans Peter

    5271 Battersea RD



    K0h 1H0

    Canada Shipping details

    The seller hasn’t provided any shipping details yet.

    Description Unit price Qty Amount

    Packet gift of cloudfare 1 Year Subscription Instant

    Item# 322300122235 620.00 USD 1 620.00 USD

    Shipping and handling 0.00 USD

    Insurance - not offered -

    Total 620.00 USD

    Total EUR 530.17 EUR

    This charge will appear on your credit card statement as *Subscriptions"

    From amount 0.00USD

    To amount 620.00 USD

    Exchange rate: 1 EUR = 1.14176 USD

    Currency conversion: To complete this transaction, our currency conversion fee is added to the exchange rate, set by an external financial institution. For more information about fees, see our user agreement.

    Issues with this transaction?

    You have 180 days from the date of the transaction to open a dispute in the Resolution Center.

    Need to contact the seller? go to your account or click on the link in your purchase email to see your order details. For more help visit Resolution Centre.

    Batterseacity, 5271 Battersea Rd, Battersea, ONTARIO K0H 1H0, Canada

    You may unsubscribe or change your contact details at any time."

    • June 29, 2018 at 9:07 PM by an anonymous user from: Birmingham, Alabama, United States

      We got the same email on May 31, 2018

  • October 25, 2017 at 2:57 PM by info

    Another variation of Cloudflare phishing email FYI.

    - Forwarded message -

    From: Cloudflare Trust & Safety <support@clfr.freshdesk.com>

    Date: 25 October 2017 at 17:47

    Subject: [Cloudflare Abuse]: days.to: New Ticket # 8418: malware hosted on days.to

    To: admin@days.to

    Cc: support@days.to, it@days.to


    You have a new ticket regarding malware hosting on days.to.


    Cloudflare Trust & Safety

Comments Show More Comments (2)

Write Your Comment, Question, Answer, or Review

"Cloudflare Helpdesk New Ticket" Phishing Scam at Cloudhelpdesk Website