Why Domain Registrar Phishing Emails Are Bad For Us All


As I reported earlier today, there is an apparent GoDaddy phishing attempt making the rounds to domain registrants. I am not sure who these emails are targeting, but this issue appears to be widespread and targeting many domain investors. These types of phishing and spear phishing attempts are bad for all of us, and I will explain why.

The most obvious victims of domain registrar phishing emails are the people who click the links and expose their account information to the perpetrators. They are potentially giving thieves access to their domain registrar accounts, which can cause a number of issues, including the following:

  • Domain names can be transferred to other registrars
  • Domain names can be sold and pushed / transferred to others
  • Domain names may be canceled or have auto renew changed
  • DNS may be changed to different parking accounts
  • Websites may be taken offline or redirected
  • Hosting accounts may be altered or possibly deleted
  • Malware may be added to hosting accounts associated with the domain registrar
  • Illegal bidding may occur on connected accounts
  • Thieves could register thousands of dollars in products or services to cause havoc

Not only is it bad for the people whose accounts could be at risk, but it also opens them up to future problems. The thieves can learn information about them based on their account records (address, phone number, domain preferences, etc.). In addition, the thieves will now know that these victims may open subsequent emails as well. In the direct marketing field, there are lists of people who open emails and take action on emails because they are more valuable prospects.

It’s clear who the most obvious victims of phishing attempts are, but others may fall prey as well. People who unknowingly buy stolen domain names could also lose out. The domain owner may be able to use the court system or domain registrar processes to recover his or her stolen domain names, but a domain buyer may be out funds if the domain name is found to be stolen and taken from his or her account. It would be very difficult to track down a thief to recover monies paid for stolen domain names.

When a glut of stolen domain names gets fenced, it casts a shadow of doubt on the entire domain name aftermarket. If there is a greater potential of buying a stolen domain name due to an increase in domain theft, it increases risk for all domain investors, and with more risk, the value of domain names could drop.

Domain buyers need to do Whois searches to make sure Whois records look “normal.” They should research the names and email addresses of sellers to make sure the sellers are legitimate. They should also use a tool like DomainTools History Tool to check on any recent Whois changes compared to previous entries to spot trouble.
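The comparison described above can be scripted once a buyer has an older Whois snapshot and the current one saved as text. The following is an added example, not code from this post or from DomainTools; the two records are constructed, and the field names and the 60-day window are assumptions (real records vary by registrar and may be redacted).

```python
from datetime import datetime, timedelta

# Fields whose change shortly before a sale deserves a closer look (assumed list).
WATCHED = ("Registrar", "Registrant Name", "Registrant Email", "Name Server")

# Constructed sample snapshots: an older history entry and the current record.
OLD = """Domain Name: EXAMPLE.COM
Registrar: Example Registrar A
Updated Date: 2013-03-02T10:00:00Z
Registrant Name: Jane Owner
Registrant Email: jane@example.org
Name Server: NS1.EXAMPLE.ORG
Name Server: NS2.EXAMPLE.ORG"""
NEW = """Domain Name: EXAMPLE.COM
Registrar: Example Registrar B
Updated Date: 2014-01-10T09:00:00Z
Registrant Name: Jane Owner
Registrant Email: seller@example.net
Name Server: NS1.EXAMPLE.NET
Name Server: NS2.EXAMPLE.NET"""

def parse_whois(text):
    """Parse 'Key: value' lines into {key: sorted list of lowercased values}."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep and value.strip():
            record.setdefault(key.strip(), set()).add(value.strip().lower())
    return {k: sorted(v) for k, v in record.items()}

def review(old_text, new_text, as_of, recent_days=60):
    """Return findings from comparing an older snapshot with the current one."""
    old, new = parse_whois(old_text), parse_whois(new_text)
    findings = []
    for field in WATCHED:
        before, after = old.get(field, []), new.get(field, [])
        if before != after:
            findings.append(f"{field} changed: {before} -> {after}")
    updated = new.get("Updated Date")
    if updated:
        when = datetime.strptime(updated[0][:10], "%Y-%m-%d")
        if timedelta(0) <= as_of - when <= timedelta(days=recent_days):
            findings.append(f"record updated {(as_of - when).days} days before review")
    return findings

if __name__ == "__main__":
    for finding in review(OLD, NEW, as_of=datetime(2014, 1, 20)):
        print(finding)
```

A finding is a prompt to ask the seller questions, not proof of theft; legitimate owners change registrars and name servers too.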
