Phishing alerts & status.
Live status of phishing campaigns we’re aware of, how to tell a genuine Hosthis message from an impersonator, and what to do if something looks off.
No known phishing campaigns
We are not currently tracking any phishing campaign that impersonates Hosthis. If this changes, we will update this page immediately and notify affected customers directly.
What a real Hosthis message looks like
Here’s a real-style invoice notification. The numbered marks point to what makes it legitimate — five things to check on any message claiming to be from us.
Dear Noah,
A new invoice has been raised in your account; please review the attached document.
The total amount due is: CHF 6.99
Invoice Contents
1x .ch - mysuperdomain.ch - CHF 6.99
Subtotal: CHF 6.99
Tax: CHF 0.00
Total: CHF 6.99
If you have any questions, don’t hesitate to get in touch.
Best,
Hosthis
Join our Discord server.
You received this email because you are subscribed to Billing notifications. Click here to manage your subscription preferences.
Sender is @hosthis.ch
Transactional emails always originate from a hosthis.ch address — never gmail.com, outlook.com, proton.me, or a lookalike domain.
Specific invoice reference
Real invoices carry a unique reference (e.g. INV-000008) that matches one inside your client area. Generic or missing references are a warning sign.
Addressed by name
Real emails use the name on your account. "Dear customer" or "Dear user" should make you look twice.
Itemized billing you recognise
Real invoices break down what you actually ordered — products, your own domains, totals. A vague bill or unfamiliar items is a strong warning sign.
Footer links to clients.hosthis.ch
The subscription-preferences link only ever points to clients.hosthis.ch. Lookalike domains (hosthis-billing.com, secure-hosthis.ch) are fraudulent.
Signs you’re being phished
Phishing campaigns evolve, but the underlying tricks rarely change. If you see one of these patterns, slow down and verify before doing anything.
Urgency or threats
"Your account will be suspended in 24 hours", "Pay now to avoid termination" — pressure tactics designed to bypass your judgement.
Requests for passwords or 2FA codes
Any message asking you to share, confirm, or re-enter credentials, one-time codes, or recovery keys is a phishing attempt.
Lookalike domains
Watch the sender domain and link targets character by character: hosths.ch, h0sthis.ch, hosthis-support.com, hosthiss.net — none of these are us.
Generic greetings
Real Hosthis emails address you by name or customer reference. "Dear customer" or "Dear user" should make you look twice.
Unexpected attachments
We don't send invoices as random .zip or .html attachments. Invoices are PDFs linked from clients.hosthis.ch or attached only to expected billing notifications.
Mismatched links
Hover over any link before clicking. The visible text and the actual URL must match — and the URL must end in hosthis.ch (or clients.hosthis.ch).
Report suspicious activity
Forward suspicious messages claiming to be from Hosthis to email. Our Swiss-based abuse desk reviews every report and acts fast when a campaign is real.
Open the abuse form- 1Don't click any link, open any attachment, or reply to the sender.
- 2Forward the message — with full email headers — to email.
- 3If you already clicked or entered credentials, change your password immediately, enable two-factor authentication, and open a ticket from your client area.
- 4If a payment was made, contact your bank to dispute the transaction and let us know via the ticket so we can help trace the campaign.
Incident history
No phishing incidents have been recorded against Hosthis to date. When we identify and respond to a campaign, we will publish a short summary here — what we saw, who was targeted, and what we did about it.