ThrustVPS has taken the honorable path in alerting its users that it was the victim of a phishing attack and has now removed the offending scripts. They further announced that the scheme was propagated from their own server.

"The phishing attack came from our server," the admin team wrote. "Upon further investigation the attacker had managed to gain access to the whmcs installation and upload his own files, namely a php shell and a mailer script. These have now been removed and the server has been secured.

Customers were asked to login and update their passwords. Users can feel secure as ThrustVPS does not store any credit card info on their servers. "Our apologies for any inconvenience this has caused and please let us know if there is anything we can assist with during this time," the email continued.