Scam Emails Targeting Blacknight

Recently there have been a number of phishing attacks targeting us and our customers.

Our customer service team are dealing with high volumes of calls regarding the issue.

The email did NOT come from us, and is a form of scam. Please do NOT click on any of the links in the email. We take the security of customers and systems very seriously and to the best of our knowledge there has not been any breach of security.

Our senior staff are working with partners in the industry to get the malicious websites taken offline as quickly as possible.

Below are some examples of phishing email and the fake page that the link sends users to

A few things to watch out for with these emails:

  • Bad grammar is usually a frequent giveaway. Legitimate companies take care to present their corporate communications in a way that reflects well. Sloppy English can be a sign of a scam.
  • Look carefully at the link you are being asked to click. The linked text may look like a normal address, but the actual link it points to may be different. Does a different link address appear in the status bar at the bottom of the window when you put your mouse over the linked text? Don’t click it.
  • If you have clicked the link, look at the address bar at the top of the browser window. Look at the hostname (or domain name) part of the address. This is the part after ‘https://’ and before the next ‘/’. This should contain only, or, or It should not contain any other words. If it says something else, it is a fake.
  • Blacknight sites use Digital Certificates with Extended Validation (EV). This means that the connection is secure, and also that the domain name has been independently verified as belonging to Blacknight. You should see this beside the padlock icon, the full company name with the Irish country code: “Blacknight Internet Solutions Ltd [IE]”. (Mac users of the Safari web browser will see the domain name highlighted in green, and they can click on the padlock to see the company details). If you don’t see this information, it’s not Blacknight.

You can read more in our recent press release.

If you clicked links in the emails, please let us know.


13 Responses to Scam Emails Targeting Blacknight

  1. Máirín Uí Mhurchú April 1, 2019 at 09:35 #

    Is this email below an April Fool?

    Dear customer service,

    Please note that there has been a mistake during the automatic renewal of your services (hosting, domains, e-mail …).

    To resolve this issue, please check your bank information.We invite you to manually fill out the payment form for your

    services according to the instructions in the link below :

    We will deduct 1.19 EUR only to validate your credit card.

    If your status is not settled within 24 hours, it is regrettable that we will close your account in accordance with your terms and conditions.

    We thank you for your confidence in Blacknight Internet Solutions Ltd and remain at your disposal.

    Blacknight Solutions


    Hosting, Colocation, Dedicated servers, Domains
    IP Transit Services

    IRL: 1850 929 929 / 059 9183072
    US: 213-233-1612
    UK: 0844 4849361
    Intl. +353 59 9183072

    • Michele Neylon April 1, 2019 at 12:11 #

      That email was another version of the scam targeting our clients.

    • Marrianne April 17, 2019 at 10:42 #

      Hi I had one of the April 1st emails, but it was sent from which is one of your domain names is it not?
      I would like to forward it to you so that you can investigate, can you tell me what email to forward it to please.

      • Michele Neylon April 18, 2019 at 09:10 #

        The displayed “from” could look like it was from us, but the *real* sender isn’t. Either way if you want to send any reports to it’d be appreciated.


  2. Brigid April 2, 2019 at 17:27 #

    Is there no way that Blacknight can stop these from getting through their servers? I am now getting 4 or 5 of these every day, but I don’t want to train my email system to treat them as junk in case I block genuine blacknight emails

    • Michele Neylon April 2, 2019 at 18:55 #

      We block the emails as soon as we are aware of them ie. once we have reports of any new ones.
      They aren’t being sent by us and are not using any of our domain names to send the email so blocking them shouldn’t impact genuine emails from us.

  3. Walter April 12, 2019 at 11:48 #

    Strange thing is that Esat email is being migrated to Blacknight. I also thought that was a scam, so I phoned Blacknight and they confirmed that it was genuine.

  4. Jim Ryan April 18, 2019 at 21:35 #

    I was led to believe that there was no change in my email and that I didn’t need to do anything,
    however, from today i have been unable to receive any emails to my present address,

    Why is this??

    Jim Ryan

    • Michele Neylon April 19, 2019 at 10:22 #


      You would have received several emails from BT about the move. Unless you opted in to move to ourselves BT will assume that you no longer want the service.
      If you contact our helpdesk we can try to assist you.

  5. Heiko May 7, 2019 at 13:57 #

    The link that my email pointed to was :

    Is this genuine???

    • Conn Ó Muíneacháin May 10, 2019 at 12:40 #

      No, that is an example of a scam URL. The secret is to look at the part after the first ‘://’ and before the next ‘/’. This is the hostname. The correct blacknight login has the hostname in that space and nothing else. You can see that the above link is a fake because the hostname is

  6. Michael May 8, 2019 at 08:39 #

    I’m seeing a rise in phishing e-mails generally. You’d think they drop off as people are more able to spot dodgy e-mails, but apparently not.