New GoDaddy Phishing Attempt – .Info Bulk Orders

June 21, 4 Comments - Author:

There is a new phishing email doing the rounds, masquerading as a GoDaddy email. I received it this morning and have since notified GoDaddy.

[Image: GoDaddy Phishing Email - .Info Bulk Domain Name Registrations]

There are a few things that are interesting about this email:

1. It uses the actual GoDaddy graphics on the GoDaddy web server, so it looks real.

2. In the body of the message it says “Dear <your email address>”.

3. It was sent to an email address on my server that doesn’t exist (normally I’d throw away those “catch all” emails, but not in this case).

4. The fake email was (spoofed) from sales at godaddy.com with a subject of “GoDaddy.com Order Confirmation”. So if you have a lot of automatic email rules that archive off these types of notices, it may find its way into your inbox, and you may never notice it.

5. FYI: The links go through to “dextersss-com-ua.1gb.ua/zzx.htm” – the webserver is live, but the site is currently producing a 404.

6. For the techos, SpamAssassin gave it a score of 17.223.
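The traits in this list can be checked mechanically. The following is an added example, not part of the original post: it flags links that leave the domain claimed in the From header, brand images hot-linked from that domain, and a greeting that uses the recipient's address instead of a name. The sample message, its image host and the indicator names are constructed; only the link host is taken from the post.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the traits listed above; not the real message.
SAMPLE = """\
From: GoDaddy <sales@godaddy.com>
To: nobody@example.org
Subject: GoDaddy.com Order Confirmation
Content-Type: text/html; charset=utf-8

<html><body><img src="http://img.godaddy.com/logo.gif">
<p>Dear nobody@example.org,</p>
<a href="http://dextersss-com-ua.1gb.ua/zzx.htm">View your order</a>
</body></html>
"""

class _Refs(HTMLParser):
    """Collect link targets and image sources from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self.images = [], []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "img" and a.get("src"):
            self.images.append(a["src"])

def _in_domain(url, domain):
    # Exact host or a true subdomain; "godaddy.com.evil.example" does not match.
    host = (urlparse(url).hostname or "").lower()
    return host == domain or host.endswith("." + domain)

def phishing_indicators(raw):
    """Return indicator names for a single-part HTML message (assumption)."""
    msg = message_from_string(raw)
    # The From header is spoofable; it only tells us which brand is claimed.
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    body = msg.get_payload()
    refs = _Refs()
    refs.feed(body)
    off = [u for u in refs.links if not _in_domain(u, domain)]
    checks = [
        (bool(off), "link_outside_sender_domain"),
        (bool(off) and any(_in_domain(u, domain) for u in refs.images), "brand_images_hotlinked"),
        (re.search(r"Dear\s+(?:<|&lt;)?[\w.+-]+@", body) is not None, "greeting_uses_email_address"),
    ]
    return [label for hit, label in checks if hit]
```

`phishing_indicators(SAMPLE)` returns all three indicator names; a message whose links stay on the sender's domain and that greets the recipient by name returns an empty list.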

I only initially picked up on it because I didn’t recall ordering 300 .INFO domains. If that had arrived during a bulk ordering process, I may not have noticed.

Given that it’s a bulk registration, could this be a targeted email aimed especially at domain investors? The average person isn’t going to register 300 domains! Of course, the other side of that thought process is that phishing emails are designed to be “clicked on”, so if a member of the public sees it, they will probably freak out first, click it and then inadvertently hand over their credentials (login id and password).

What do you think? Have you received this email?


Comments


Comment by Michael - June 21, 2010 @ 08:24 PM

I got the same email, good thing I always look in the status bar of the browser before I click a link to see where it is really going. Email looked pretty legit. GMail picked up on it being spam, but for some reason it didn’t give the warning that the address was spoofed (it usually catches it).

Comment by Bedawyn - June 21, 2010 @ 09:04 PM

I got it today, and I wouldn’t have if it was sent only to bulk orderers. I only own one domain and wouldn’t do business with GoDaddy if it was the last web host on Earth. Thunderbird’s filters caught it as spam, but as Michael said above, they caught it only as spam and not as a spoof. I have done business with GoDaddy before, on behalf of my employer, so yeah, freaking out was certainly my reaction, although instead of clicking that meant double-, triple-, and quadruple-checking that it really was spam instead of just deleting it as soon as I saw the mismatched addresses.

Comment by Randall Ader - June 22, 2010 @ 12:12 AM

I also received one. Most of my customers also received ones like this and were asking me about it. After getting mine, I tracked down the header information to a law firm in Atlanta, GA and the sender IP to a server in Poland. Pretty easy to trace in DNSStuff tools.

Comment by Howard Blair - June 22, 2010 @ 01:15 PM

I’ve received *4* of these in the past 24 hours. Since we don’t do bulk registrations, I looked over the links with a fine-toothed comb before deciding it was spam.
