Go Daddy Guest Post: How To Protect Your Accounts

Elliot Silver
-
18

Go Daddy CISOThis is a guest post from Go Daddy’s Chief Information Security Officer, Todd Redfoot. In the post, Todd discusses how you can keep your accounts protected and your domain names safe.

Knowing that an outside party accessed one of your accounts can be incredibly frustrating and exhausting. But there are practical steps you can take to protect your accounts and the information you store in them.

7 basic ways you can make sure your accounts stay secure:

  1. Use a strong password. Eight characters is really not sufficient, a strong “passphrase” is the better choice. A creative device to help with generating strong passwords is to use a phrase that has special meaning to you. For example, “I need a strong password to make sure I’m completely secure,” could become the password InaspTmsIc$. Passwords should consist of a minimum of nine (9) characters and contain at least one special character.
  2. Change your password – often.  This can be as simple as setting a reminder on your calendar to change your password at the beginning of every month.
  3. Use a variety of passwords.  You should never use the same password for multiple accounts. It simply makes it easier for hackers to access all  of your accounts. If you find it difficult to remember all these crazy passwords – try a password safe. There are many free ones out there that will safely store all your passwords in an encrypted database on your machine. Make sure you do your research before downloading anything you find on page 1 of a Google search.
  4. Always, always, always log out.  This is particularly true if you’re using a shared computer, such as one at work or in an Internet café. Regardless of the account you’re in, Facebook or Wells Fargo, take this precaution every time.
  5. Make sure your account is up to date.  Some digital spring cleaning can also protect you. Remove expired credit cards you have stored in accounts and make sure your phone number and address are correct. Not only does this make your account secure, it also ensures that companies you do business with can contact you if there’s ever an issue.
  6. Beware of Wi-Fi hotspots.  Sure, they’re convenient. But you shouldn’t use them to access secure accounts. Hackers are known to roam hotspots looking for their next victim.
  7. Protect your PC. Be careful what you download – only use trusted, well-vetted sources – and invest in anti-virus software to keep your computer safe.

When you have done “everything”, what else can you do?

  1. Do the 2-Step.  Two-step authentication adds another layer of security by texting you a validation code to enter whenever you log in or make important account changes. If it’s available to you, take advantage of it. Go Daddy offers two-step authentication in the US and Canada. You can find out more information about it here.
  2. Never share your account with others.  By giving others access to your account, or purchasing products with someone else’s payment method, you are giving them full access to your account details. If you need to delegate management of your resources check to see if you can assign permissions via account management settings. Go Daddy provides “Account Administrator” functionality. This allows management of your resources from separate accounts, limiting direct access to  account details and billing information. Read more here.
  3. Check for keyloggers on your computer.  Your computer might have malicious software, known as keyloggers, installed that records every keystroke you make — including your user names and passwords.   Run anti-virus programs regularly to detect keyloggers. We recommend using your favorite search engine to find software that removes key loggers from your computer.
  4. Don’t fall for a phishing scheme.  Cybercriminals look to create a sense of urgency to trick unsuspecting victims into downloading malicious files. Many attackers try to lure  you into their schemes by sending emails that look legitimate, but include links to fake login pages that closely resemble the legitimate website. Hover over links, check for misspellings (acmebnak instead of acmebank), but don’t click. Go directly to the website and log in as you would normally; any message, important action, etc. will be there if the email is legitimate. Emails from Go Daddy, in most cases, include your first and last name, a clear first indicator of legitimacy.

Protecting you data is as critical as locking your car or your house – don’t give an attacker an easier route by using weak passwords or unsafe networks.

Anonymous Guest Post: “How My Go Daddy Account Was Hacked”

Elliot Silver
-
36

This is a guest post from someone who wishes to remain anonymous. The article discusses how the person’s Go Daddy account was hacked.

—-

So it was a Monday morning a few weeks back – the start of a new workweek. That Monday morning I had a few things on my plate one of which was to renew a few domain names at Godaddy.com. I have been with Godaddy since the early days – I believe I registered my first name there in 1999. I have an executive account rep and I rarely have any issues with them.

That Monday morning, I tried to log into my account and it seemed as if I may have mistyped my password – I change my password all the time and it was early, maybe 7am est, I figured that I must have just forgotten my password. I submitted the password retrieval request on the site and I received a message telling me that my email address was incorrect. I am a little paranoid so I immediately believed my account was hacked or at least compromised in some way.

I then call the executive accounts number to find out exactly what was going on. It was 5 am in Gilbert Az. where Godaddy is located, but they had a rep there to assist me. This rep was not my account rep, but none the less was able to get into my account to inform me that my email had been changed about a half hour earlier and that I pushed one of my domain names to another account. The account rep helped me regain control of my account, I reset all of my passwords, and my 4 digit pin number.

I eventually got the domain name back and put a crazy high security setting on my account – where nothing can happen at all with any domain name unless I get a personal phone call and give a additional special code (a different code than the 4 digit call in security pin – a real pain in my ass – but I feel necessary now). I was also frantically checking all my other accounts in my life…I was pleasantly surprised that none of my other accounts such as banking, other registrars, paypal, email addresses, etc…had any issues with hacking – All seemed fine – I still changed all passwords etc for all my accounts….

I assumed somehow my Godaddy password got compromised and that was all – so no real worries and this was the end of it. At the time the only thing that bugged me was that it seemed Godaddy would not investigate the hacking at all for me and was pretty unhelpful in providing me any info so I could investigate it myself – there was plenty of data Godaddy could use to investigate this hacking, but I was told they did not have access to the information I was asking for. Oh well – I just figured they did not really care as it seemed that everything was back on track for me at this point and the problem was on my end. I thought that was the end of it…no such luck.

Two days later I got my account hacked again – nothing was taken as they could not move or make any changes – this really had me crazy freaked out. I concluded the problem was actually on my end – I have a mac – but I still had a thorough scan of my computer for malware and/or keylogger apps – found no issues – I wiped it clean anyway – I also purchased a powerful security software which I installed. I then changed all my Godaddy passwords, user pin etc…again – as I did with all of my other accounts in my life – Banking, emails, other registrars, etc. This seemed to do the trick as I stopped having any issues…until this morning.

My account was hacked again – I found out as soon as I woke up around 6:20am; no other personal accounts such as banking etc…had any issues – just my Godaddy account. The hacker tried to push a few domain names out, but could not as I have the high security settings which require a personal phone call with code (and the code is not online)…I was really just baffled and I immediately called Godaddy as now I was certain the breach was not on my end.

I spent a marathon session with an early morning Godaddy executive account rep and I was not taking “we don’t have access to that info” as an answer… I will say that this account rep seemed to truly care about the problem and was working with me to get to the bottom of it – He was able to look into many of the things I asked him to look into and we did get to the answer.

We realized I had not deleted any of my expired credit cards or old paypal billing agreements from my account – so I had expired cards and paypal confirmations dating back from 2000 still associated with my account. In addition to the standard giving your 4 digit pin number, Godaddy will allow access to your account with the last 6 digits of any credit card expired or not – they will additionally give access to your account with the last 4 digits of any paypal billing agreement code – which is plainly visible to anyone who has access to your Godaddy account or email account.

The hacker was calling into Godaddy and pretending to be me. The hacker seemed to originally be able to access my account by getting ahold of an old/expired credit card number and changed my email address by having the Godaddy rep send the email confirmation to the hackers designated email address – it appears as Godaddy accepted expired credit card data to allow access into my account without knowing the designated 4 digit pin number (for credit cards on Godaddy – the last 4 digits are visible on the account – but they do require the last 6 digits in lieu of the 4 digit pin number you set).

From there – the hacker gained access to my account and made note of all the entries in my ‘payment methods’ area for paypal billing transaction codes. So you know – when you authorize instant payment from paypal – you set up a billing authorization – which is kept in your ‘payment methods’ area and most of the transaction number is not visible but the last 4 digits are visible. Godaddy will allow access to your account with those 4 digits from the paypal transaction billing agreement – which is visible on my account.

In summary – The Godaddy rep was able to tell me that the hacker each time called into Godaddy – gained access to my account by either using an expired credit card number (as they did the 1st time) or last 4 digits of a paypal billing agreement code. I deleted 3 dozen old credit card numbers and all the paypal billing agreements from my account. I believe this has finally secured my account.

It is really troubling to know that everywhere I use my credit card is a potential new breach into my Godaddy account. IMO it is only a matter of time before hackers perfect this breach. I truly hope this is the end of my story on this. My suggestion to everyone is to check your payment methods and delete all the expired credit cards and all your paypal billing agreements.

Go Daddy Employees Do the “Harlem Shake”

Elliot Silver
-
4

Go Daddy has tackled what’s become the latest Internet meme – the “Harlem Shake.” Looking forward to seeing Name.com’s take on this.

Namecheap Infographic Illustrates Impact of “Move Your Domain” Day

Elliot Silver
-
2

In January, Namecheap held its second (and now annual) “Move Your Domain” Day, and the company offered special prices and a donation pledge to the Electronic Frontier Foundation (EFF) in an effort to induce inbound domain transfers.

By the end of the day, customers transferred nearly 30,000 domain names to  Namecheap, and that raised a total of $44,311.50 for the EFF.

This evening, Namecheap (which is also sponsoring Water Night tonight on behalf of the Water School) shared an infographic with more information about its Move Your Domain Day. The graphic offers insight including the following information:

  • What registrars lost the most domain names (Go Daddy)
  • Countries where the most transfers came from (USA)
  • Most transferred TLD (.com)

There was additional cool insight on the infographic. Check it out below or visit the Namecheap blog for more information.

What’s Your Take on the Go Daddy Super Bowl Commercials?

Elliot Silver
-
10

I’ve shared the two Go Daddy television commercials that will appear at some time tonight during the Super Bowl:

Not only will these commercials be shown during the game, but they will be shown many more times following the Super Bowl when people rate the commercials and offer their analysis. I am curious about whether you like these two commercials from a domain investor’s point of view.

Please vote and feel free to share your thoughts below.

 



Video: 2013 Go Daddy Super Bowl Commercial with Bar Rafaeli

Elliot Silver
-
12

Go Daddy released its 2013 Super Bowl commercial starring Bar Rafaeli, and I must say, Walter is a lucky son of a bitch! The company teased us with a sneak peak version of this commercial earlier, and they posted the full length version this evening. GoDaddy Girl Danica Patrick narrates this commercial, which is called “Perfect Match.”

A few days ago, Go Daddy and the .CO Registry released the full version of its second Super Bowl commercial. That one is much more tame, and I think it is also more effective at getting its message across.

What do you think about this commercial?

BTW, for those who are wondering, the lucky “Walter” character is actor  Jesse Heiman.

1...979899...117Page 98 of 117