Overview
Phishing is a common technique of sending out emails which appear to be real, but are in fact designed to make you either click on a malicious link or enter your credentials into the wrong form. Unfortunately, all major services are targeted this way, including Gmail, Office 365, Netflix and more.
Recently (July 2021), we've seen a number of emails targeting both cPanel and Plesk hosting environments. As Conetix heavily uses Plesk for our hosting, we have seen a number of phishing emails targeting Plesk users with various messages such as:
- Disk quota(space) exceeding notification
- Not enough disk space available
These emails may appear legitimate but do have a number of grammatical errors and look similar to:
This email is fake. Please do not click on the links contained within the email.
Instructions
- Please delete the email. This is not a legitimate email and is trying to scam you into providing your Plesk login details. If you haven't entered your details via the link in the email, no damage has been caused.
- If you did enter your details and you’re hosting with Conetix, please contact us immediately. We’ll go through the process of resetting your password and running a scan on your site to ensure no malicious action has been taken.
Frequently Asked Questions
How did they know my disk quota?
They didn’t. The numbers listed in the email are fake and randomly generated.
Did they have access to my server or website?
No. Publicly available information can reveal the type of hosting you're using, and that is enough to generate these fake emails.
How did they get my email address?
Through publicly available information such as a WHOIS lookup. Even if you have an obscured email address using ID protection (unfortunately not available for .com.au domains), the emails are only obscured, not blocked completely.
This information may also come from other sources where there are known email accounts associated with your domain and/or website.
Is it just Conetix they targeted?
No. All hosting providers (both cPanel and Plesk based) are being targeted at present with a similar or the exact same phishing campaign. The systems generating the emails won't be specific to a host, but simply "any cPanel / Plesk based site discovered".
Shouldn’t your anti-spam systems stop these emails?
The majority of emails were blocked by our anti-spam system. However, as the emails are a very close copy of the real email, they do appear legitimate and are therefore more difficult to block completely.
Why does it look so real?
The emails are based on the exact template used by Plesk (and cPanel), a choice designed to trick you into thinking they're real as well. To counter this, Conetix will be making specific modifications to the Plesk notifications in the near future so that you can easily distinguish between real and fake.