Input Elaborate Plesk Phishing Spam Emails

[thebt]

Thought I'd share this as haven't seen anything in the forums and is probably the most authentic looking spam/phishing email I've ever seen and people will be easily caught in this.

We run Plesk infrastructure for a small hosting company and got the email below into our helpdesk today

The thing is this email (and even domain) it was sent to is not setup in Plesk anywhere and the site is using ~8% of its disk quota so was weird. If you click the link in the email it bounces of a hacked wordpress site and brings you to a different plesk instance hanging off server115.serverconfig.center which is not one of our servers. I'm guessing they're capturing plesk logons to hack sites

Screenshot of the email

plesk1.png

Shared with Dropbox

www.dropbox.com

Source code of the email

source.png

Shared with Dropbox

www.dropbox.com

 

[JeffreyZ]

I had a client forward something similar he found in his junk folder, from the same date you received yours. I suspect they don't know it's a Plesk domain, but rather then just spam everything figuring a lot will actually be Plesk. Email to my client was from "webmaster" and apparently their Google Workspace account must have a catch-all configuration -- there is no webmaster email.

 

[IgorG]

There is an article Phishing Mail received: Attention! No disk space(quota) left about it.
A corresponding internal report is PFSI-62906