Back to Blog

Phishing attempts target SiteHost customers

/ News
SiteHost customers are receiving phishing emails with fake login links. Time to add 2FA to your SiteHost account and take other steps to protect yourself.

Since late yesterday we have heard from customers who have received scam emails with our name and logo on them. They are part of a phishing attempt and are not from us.

The examples that we have seen have the subject line, "Note on service renewal". They say you have a bill to settle within 48 hours.

If you have received this email, it is not from us. Please delete it and block the sender.

Phishing attacks like these tend to evolve over time, so it is time to be particularly vigilant when it comes to your SiteHost account.

Protect your account with two factor authentication

Two factor authentication (2FA) adds an extra step when you log into your SiteHost account. You can use common apps like Google Authenticator or Authy to generate 2FA codes for your SiteHost account. Anyone without your phone will be unable to get past that step, even if they know your password.

Any SiteHost account holder can set up 2FA for themselves, and account administrators can enforce 2FA for all the contacts on their account.

See how to set up and manage two factor authentication in the Knowledge Base.

Check where emails are coming from

The phishing emails that we are aware of have a sender address of, which is a fake address.

Any email from is spam. Delete it and block the address if you can.

It's common for phishing attacks to evolve, so other sender addresses are likely to be used.

Check where links are leading you

The only genuine SiteHost website domains are:




  •, which does not contain a login link. is the subdomain for the SiteHost Control Panel, which is where all account activity is managed. This is the only subdomain where we'll ask for credit card information. and are the only two subdomains where we ask you to log in.

There are no other SiteHost websites or portals. Do not trust links to any other domains.

Check anything strange with us

If you receive any communication that seems to come from us, but it seems a little phishy, you can always ask us about it.