How GoDaddy accounts and domains are stolen one email at a time.
As I was checking emails the other day, my eyes landed on an email from GoDaddy entitled “Action Required: Please verify your email address.”
I didn’t give the email much thought, and I’ll share with you why.
To give a bit of context, I was opening GoDaddy email notifications pertaining to domain renewals and recent services I had purchased.
On a daily basis, I receive at least 20-30 emails from GoDaddy in regard to a variety of services, products, and notifications:
- Some are from winning auction emails.
- Some are auction bid emails.
- Some are renewal notices.
- Some are domain deletion notices.
- Some are other product purchases.
- Some are product activations.
- Some are domain auctions ending.
- And the list goes on…
Nevertheless, I receive quite a few emails. But on this particular day, I was checking GoDaddy emails in an attempt to update my GoDaddy Promo Code page with fresh promo codes.
As I made my way through the first 5 or 6 emails, I arrived at the email image you see below. I didn’t think anything about this email initially. The email resembled other GoDaddy emails I had been opening and browsing through.
Off the top of my head, I thought this particular email was an official ICANN email verification process that domain owners must complete annually to ensure all domain registration information is up to date.
Was this an official ICANN email verification message?
Fortunately, when I opened this message, I noticed the email was sent to [email protected]. This was red flag number one: Wrong email address!
Red flag number two was when I noticed the from email name was GoDaddy, yet the from email address used was “[email protected]” instead of “[email protected]”, “[email protected],” “au[email protected]” or “[email protected].”
Another thing noted was 2 images within the email did not load correctly.
Also, the person(s) that created this email used a hyperlinked email address below the “24/7 Support: (480) 505-8877”.
GoDaddy never does this. They use first and last names followed by the account number.
At this point, I knew that this WAS NOT an official GoDaddy message. I kept examining the email below, and more errors were present.
As I hovered over the “Verify Your Email Address” button, it was linked to “http://g0dpedy.xd574p.us/[email protected]”. DO NOT EXECUTE THE LINK.
Personally, I never click on links like this because I know that GoDaddy typically asks you to log in to your account to verify or take action on a pressing issue.
Then, there’s the incorrect usage of double quotes when they should have used single quotes or apostrophes throughout the entire email message.
And to top it all off, there are quite a few grammar errors throughout the message as well.
Oh yeah, the email also assumed I had website services.
Typically, GoDaddy uses generalized wording, such as “products and services.” I researched previous emails to figure this bit of info out. 😉
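The sender, recipient and link checks described above can be automated. The following is an added example, not part of the original post: the sample message is constructed, its sender and recipient addresses are placeholders (only the link host comes from the email described here), and `TRUSTED_DOMAINS` and `MY_ADDRESSES` are assumptions you would set yourself. It handles a single-part HTML message.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

BRAND = "godaddy"
TRUSTED_DOMAINS = {"godaddy.com"}   # assumption: domains you expect the brand to use
MY_ADDRESSES = {"me@example.com"}   # assumption: the address on your registrar account

# Constructed sample message; sender and recipient addresses are placeholders.
SAMPLE = """\
From: GoDaddy <notice@mailer.example>
To: someone-else@example.org
Subject: Action Required: Please verify your email address
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Please verify your email address.</p>
<a href="http://g0dpedy.xd574p.us/">Verify Your Email Address</a>
</body></html>
"""

def under(host, domains):
    """True if host equals a trusted domain or is a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def red_flags(raw):
    msg = message_from_string(raw)
    flags = []
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    # Display name claims the brand, but the address is on another domain.
    if BRAND in name.lower() and not under(sender_domain, TRUSTED_DOMAINS):
        flags.append("sender-domain:" + sender_domain)
    # Message was addressed to someone other than the account holder.
    _, rcpt = parseaddr(msg.get("To", ""))
    if rcpt.lower() not in MY_ADDRESSES:
        flags.append("recipient:" + rcpt)
    # Every link target must sit under a trusted domain, whatever the button says.
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    for url in re.findall(r'href=["\']([^"\']+)', body, re.I):
        host = urlsplit(url).hostname
        if not under(host, TRUSTED_DOMAINS):
            flags.append("link-host:" + str(host))
    return flags

if __name__ == "__main__":
    for flag in red_flags(SAMPLE):
        print(flag)
```

The suffix match in `under()` is deliberate: a host such as `godaddy.com.something.example` contains the brand's domain but is not under it, so it is still flagged.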
How GoDaddy accounts and domains are stolen.
I’m not certain what would have happened had I clicked that link within the GoDaddy phishing email.
My guess is that my GoDaddy account and details would have been stolen, which would have led to valuable domains being stolen too.
I’m somewhat impressed at how these particular thieves almost perfectly mocked the GoDaddy email branding.
They needed to work on image loading and grammar, but they almost had me for one moment.
Thankfully, I don’t blindly assume or click links. You shouldn’t either.
I can’t tell you how many phishing emails are sent daily and how many more people blindly click links within the email.
They’re led astray to an unknown website that’s nothing but an imposter website using a totally different domain than what was sent via email.
In some cases, the domain used has nothing to do with the brand the person is purporting to be.
Nevertheless, through a simple click and entry of credentials, both username and password, people blindly fork over their information for the thieves to use against them by taking over their account or selling their credentials online to some other party willing to pay for such a heinous act.
A failure to increase account security.
Then, to make matters worse, another reason GoDaddy accounts and domains are stolen is that most people using GoDaddy as their provider don’t enable Two-Factor Authentication, which has been available for nearly 4 years and counting.
If you’re a GoDaddy customer, then I encourage you to increase your account’s security using the 2-Step Verification service offered free of charge.
It simply forces you to enter a code when logging into your GoDaddy account.
You receive the code via a text message on your cell phone.
So this means that the thieves after your GoDaddy account would have to possess your cell phone to access your GoDaddy Account.
Another thing to note is to make sure you have text message notifications turned off on your phone when your phone is in a locked state.
I’ve also heard of people losing their accounts because their phones, which still allowed text message alerts to be read while locked, were stolen too.
So, do yourself a favor and turn off those text message notifications on your phone.
Oh, and don’t forget to enable Two-Factor Authentication for your GoDaddy account.
A failure to change passwords over time and forgetting to enable email notifications.
Another safeguard not widely used by most GoDaddy customers who have had their accounts and domains stolen is enabling email notifications on their accounts.
In some cases, if the thieves are smart, they won’t change your login credentials.
They simply log in and out of your account without you ever knowing about it. Hence, enable Two-Step Authentication services to stop this nonsense.
If thieves don’t change your login credentials, then they disable email notifications.
Thieves do this to transfer domains out of your GoDaddy account under the radar, without anyone ever being notified.
In some cases, saved payment information is used to purchase domains and then transfer domains from a person’s account to a thief’s account.
I can’t express the importance of enabling account notifications, changing your password from time to time, and using passwords that are at least 10 characters in length, containing upper and lowercase alphanumeric and special characters.
Be and stay on the lookout for GoDaddy email phishing scams.
As I close, I recommend you always type the Godaddy.com address into your web browser to log in to your account instead of using links in emails posing as GoDaddy.
Don’t forget to complete the steps above to protect your account too while you’re at it.
Don’t simply assume that because the email looks like a GoDaddy email that it is an official GoDaddy email sent from GoDaddy.
This rule applies not only to GoDaddy but to other domain registrars as well. You can never be too careful these days.
In fact, as I typed the last line of this message, I just received another spoofed email message entitled “Action Required: Please verify your email address.” It was sent using the name GoDaddy and the email address “[email protected].”
Don’t worry, I didn’t click the link. 🙂
I simply forwarded the email to [email protected].
Just that simple. That’s all for now.
Thanks for the tips Alvin. I just got an almost identical email but I use Gandi.net. It looked suspicious and some Googling led me to your article to confirm that it was a phishing email.
Thanks, Alvin. Very important article and suggestions to keep a safe, at least much safer if not, GoDaddy account. Appreciate your time and effort in writing this up.
Thanks for sharing Alvin will keep eye out for t.