Phishing Mail received: <example.com> Attention! No disk space(quota) left

Situation

• Phishing Mail received:

  CONFIG_TEXT: <example.com> Attention! No disk space(quota) left

• Base URL is not the Hostname of the hosting server nor the domain of the user:

  CONFIG_TEXT: https://PhishingDomain.com/login_up.php?success_redirect_url=https://www.example.com:8443

• URLs on the mail redirect to webhostplesk.com

Impact

External Phishing attack, trying to steal server/user credentials

Call to Action

1. Report Phishing to the domain registrar and email server provider, this can be checked over WHOIS, as an example:

   Main domain:

   # whois webhostplesk.com | grep -i Abuse
   Registrar Abuse Contact Email: compliance_abuse@webnic.cc

   Do the same for the hacked domains that redirect to the main one:

   # whois PhishingDomain.com | grep -i Abuse
   Registrar Abuse Contact Email: abuse@hoster.com

   Report IP of the server that send the mail:

   # whois 203.0.113.2 | grep -i Abuse
   % Abuse contact for '203.0.113.0 - 203.0.113.255' is 'abuse@hoster.com'

2. Do not click or use the links in these mails nor fill in any information there

3. Use anti-spam measures How to protect a Plesk server from incoming spam and viruses