GoDaddy Whois Phishing Scam

Apparently domain thieves and scammers are on the loose only a few days into the new year with a phishing scam for the ages.

Yesterday, I wrote about GoDaddy and their nonchalant attempt to get me to verify my email address and whois information for the numerous domains I own so that I’m in compliance with the ICANN verification process.

My point of yesterday’s email was pointing out that domains registered with GoDaddy were not auto-renewing from some strange reason.

In short, I had to manually renew the domains that did not auto renew and will probably have to keep a close eye on my account over the next few days, weeks and months until all is remedied.

On further inspection of my GoDaddy account, I also noticed some domains with “Pending Whois Verification” as their status.

This was strange because I had never seen this before listed as the status for any of my domains.

Long story short, as a part of ICANN’s new verification process, domain owners must now verify their information by a certain time period.

If you don’t verify the information by the deadline date, then you could not only lose your domain name, but also risk losing all services associated with the domain name.

This may come as a shock to alot of people who don’t log into their domain accounts on a regular basis.

No telling what they may find if they only login a few times a year when they do login.

But where this story takes a twist is when I receive an email from GoDaddy stating something about verifying my email address.

And then I wake up this morning to the see headlines stating “…GoDaddy Phishing Email Scam…”

Not a good way to start my morning off to say the least.

What looks like a GoDaddy verification email isn’t always legit

Although I never received the phishing email as of yet, the fact that there is one floating around only makes matters worse for everyone, including GoDaddy.  

And for those that are still lost, GoDaddy sent a legitimate email for domain owners to click a link to verify their email address, but they didn’t list the domain or any type of information that would associate the email to their account. 

It’s just a plain jane email that may or may not look suspicious to the normal user, but because it’s from [email protected] so I know it to be legit.

In my humble opinion, sending an email like this for customer action is downright irresponsible on GoDaddy’s part.  

I make the the claim that GoDaddy was irresponsible for such actions because they clearly could have sent an email that stated and called for domain owners to login to their GoDaddy account via the GoDaddy website to verify their email address within their account management profile or domain profile.

Because GoDaddy opted to send a non-descriptive and nonchalant email with a pass through link, scammers and thieves duplicated the original GoDaddy email and started sending their own email to GoDaddy customers, focusing on domainers, with a link to a non-GoDaddy website.

The emails look closely identical although there are a few diffences.

However, this fictitious website you’re directed to from the GoDaddy phishing email is nothing but a scam.

Many people are falling for it because the website asks the user to login on what appears to be a lookalike GoDaddy website.

Simply put, the user enters their username and password as they would on a GoDaddy website.

The catch is that once a person enters their information, they’ve given the keys to the kingdom to the thieves and scammers to now login into their legitimate GoDaddy account.

From here, thieves and scammers can now update account information, change passwords, transfer, sale, or delete domain names without the user ever knowing.

The user is now locked out of the account.

Be on the lookout and keep a watchful eye is the moral of the story

So, the moral of the story is that if you ever receive an email referencing your account, it is best that you login into your account to remedy whatever the email is referencing from your account panel and not clicking links from an email.  NEVER EVER click a link in an email, and surely make sure you are on a legitimate website domain.

Don’t just go by the look of the website, pay close attention to the domain name used and make sure it matches the companies primary website.

And when in doubt, pickup the phone and call GoDaddy or whomever was suppose to have sent an email.

In this case, if you received a legit email from GoDaddy or a wannabe GoDaddy phishing email, it is best that you contact GoDaddy Support and let them know you received it, regardless of whether you clicked the link or not.

Should you have clicked the link in the GoDaddy phishing email, try to login immediately to your account and change all account information, passwords and security.

Then call GoDaddy Support to inform them of the phishing email.

In closing, this new ICANN verification process has definitely started the year off with a bang, and not in a good way either.  I’m sure this is only the beginning of the domain phishing scam emails and stolen domains with more to come throughout the year.

The domain emails and auctions are sure to pick up now.

Read more about the phishing scam on the following blogs: DomainingInvesting.com, DomainShane.com, DomainNameWire.com, and RicksBlog.com.