Gizmodo did a solid job of covering a scam that seems to target Netflix account holders. If you haven’t read the article and seen the videos, I urge you to do so. Although this scam is targeting Netflix customers, I could see the potential to target domain registrants as well.
If someone is able to get access to your domain registrar account password and login name or account number, stealing your domain names could be fairly easy for them. Obviously the key is to not let that happen, and falling for a scam like the one covered by Gizmodo could do just that.
Here are a few tips to avoid falling for a phishing attempt:
- Don’t click links in emails
- Use two-factor authentication at your registrar if possible
- Directly navigate to your registrar
- If you need to call your registrar, find the support number on their website
- If you suspect a phishing email, report it to your registrar and email host
- Mark phishing emails as spam / junk
Most of these tips are along the lines of common sense, but there are people who fall prey to this on a regular basis. Sometimes this involves high value domain names that end up on the aftermarket where an unsuspecting domain investor may pick them up, but oftentimes, it involves domain names that are owned by people who have been using them for their business. Whatever the case may be, domain theft is a major issue and phishing is a major culprit for domain theft.
Domain registrants also need to understand that there are phishing attempts called “spearphishing” which can target individual people. Someone could easily reference your name or a domain name you own in a phishing attempt that is highly targeted. This may make an email look more legitimate, and that is what makes it trickier to catch. Regardless of the emails you receive, make sure you don’t fall for a phishing attempt.
*
Another phishing scam:
The scammer focuses on a specific domain name by spoofing Go Daddy in an email.
The email states that the owner needs to delete the domain because Go Daddy has to do some technical work on it. (???)
“Go Daddy” promises a free registration and provides a “special” login link for that purpose.
It’s pretty lame, but could be convincing enough for some people, so “Don’t click links in emails” is excellent advice.
*
I have received a “verify your email address per new ICANN rules” email from Godaddy that I confirmed with Godaddy was phishing. Problem is Godaddy really did send out similar emails with a link to click in them. Very bad form, GD, and I told them so.
They replied the real emails did not require any info to be entered on the lander. Shoot, by the time a GD page loads half the time I have forgotten why I went there.