Scam makes its rounds with a new phishing URL.
[Updated: Go Daddy has successfully shut down the phishing site. But the offender will surely just set up another. So here are a couple points from Go Daddy:
-Official Go Daddy e-mails will always address you by name, unlike those from phishers (who do not know this information).
-Customers are also reminded never to provide credentials to an unsecure website. Always make sure the web address starts with “https:” or contact Go Daddy’s 24/7 customer support if you are unsure. I think this has made the rounds before, but this phishing scheme has a new URL registered just today.]
One of my readers sent a copy of this phishing scheme, modeled off of GoDaddy’s annual whois reminder notices. Here’s how it looks:
Dear User,
it is that time of year again. ICANN(the Internet Corporation for Assigned Names and Numbers) annually requires that all accredited registrars (like GoDaddy.com) ask their domain administrators/registrants to review domain name contact data, and make any changes necessary to ensure accuracy. According to our records you are the ADMINISTRATIVE CONTACT for one or more domains registered at GoDaddy.com, Inc. as of May 1st, 2010.
To review/update your Account data, simply:
+ Login to https://dcc.godaddy.com/default.aspx?isc=ICANN0908a&ci=8987
+ You will be taken to a landing page and asked to enter your account information
Please take a look that your account and domain information is up to date.If, however, your domain contact information is inaccurate, you must correct it. (Under ICANN rules and the terms of your registration agreement, providing false contact information can be grounds for domain name cancellation.) To review the ICANN policy, visit:http://www.icann.org/whois/wdrp-registrant-faq.htm
Should you have any questions, please email us at support@godaddy.com or call our customer support line at (480) 505-8877.
Thanks for your attention and thank you for being a GoDaddy.com, Inc. customer.
Sincerely,
GoDaddy.com, Inc. Domain Support
If you are the domain administrator of more than one GoDaddy.com domain account, you may receive this notice multiple times.
—————————— —————————— —————————— —
Copyright (c) 2008 GoDaddy.com, Inc. All rights reserved.
I looked up an official GoDaddy whois reminder email and it looks basically the same. There are a few tip-offs in the phishing version that people probably won’t notice: “it is” isn’t capitalized at the beginning, there’s a spacing error in the first paragraph, and the copyright date is 2008. Another key difference you should always look for: the official GoDaddy messages will address you by name, not “user”.
Nonetheless, clicking the hyperlink in the email brings you to Goddaiddy.com instead of GoDaddy.com. And the landing page looks a lot like GoDaddy’s home page. The whois information on Goddaiddy.com appears to be bogus.
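The two signals described above (a link whose visible text names godaddy.com while its target is a near-miss spelling of it) can be checked automatically. The following is an added example, not code from the original post; the e-mail markup, the `TRUSTED` set and the distance threshold of 2 are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"godaddy.com"}  # assumption: brand domains this filter protects
# Constructed sample: the post gives only the visible URL and the lookalike domain.
SAMPLE_EMAIL = (
    '<p>+ Login to <a href="http://goddaiddy.com/">'
    "https://dcc.godaddy.com/default.aspx?isc=ICANN0908a&amp;ci=8987</a></p>"
)

def base_domain(url):  # last two host labels (naive: no public-suffix list)
    host = (urlsplit(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])

def edit_distance(a, b):  # Levenshtein distance, one row at a time
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

class LinkAudit(HTMLParser):  # records every <a> whose target looks wrong
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown, target = "".join(self.text).strip(), base_domain(self.href)
        reasons = [f"lookalike of {b}" for b in sorted(TRUSTED)
                   if target != b and edit_distance(target, b) <= 2]
        if shown.lower().startswith(("http://", "https://")) and base_domain(shown) != target:
            reasons.insert(0, "display/href mismatch")
        if reasons:
            self.findings.append((target, reasons))
        self.href = None

def audit(html):  # returns [(target_domain, [reasons]), ...]
    parser = LinkAudit()
    parser.feed(html)
    return parser.findings
```

`audit(SAMPLE_EMAIL)` reports the goddaiddy.com link for both reasons; a link whose text and target agree on a legitimate domain produces no finding.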
atc says
I saw GoDaddy’s tweet in response to your article. I notified GoDaddy through a support ticket of the previous phishing domain, GodaiddLy.com, last month.
GoDaddy’s form response (below) to my report could lead a user to believe the phishing email was legitimate. If GoDaddy wishes to take security seriously they need to do a better job of reading tickets and responding appropriately.
“Thank you for contacting Online Support. GoDaddy.com has sent an email to all domain registrants asking for verification of domain contact information. ICANN (Internet Corporation for Assigned Names and Numbers) requires all registrars to do so each year.
We will be sending these notices over the next month, so if any of your domains are not listed, you will receive an email for these domains in the coming month. To proceed, please click the link that was sent in the ICANN email or paste the URL into your browser to verify your information…”
Henry says
@atc, my feelings exactly. I contacted them and got the same response. It took a direct contact with my account executive for a proper response.
Yet, a month later, I received another one and promptly forwarded it to support@godaddy.com as instructed. To my surprise, the response again was what you just mentioned. That’s very dubious and scary to say the least.
Needless to say, that stopped all correspondence with Godaddy.com at that point. I am researching and reviewing for a secure registrar to transfer my portfolio to.
I know it will be expensive, but not doing anything will be far more expensive.
Regards.
Wufuquan says
Yup. Beware of phishing.
stumble says
They are busy with GoDaddy girls now; they may look at the support ticket when they're bored 😉
Herb says
Quite simply, don’t click on links provided in email. Type in the web address of the provider directly in your browser.