In an effort to combat phishing emails, GoDaddy has added the registrant’s name to the subject line of renewal emails that are sent to customers. Instead of an email with a subject of “Your GoDaddy Renewal Notice,” the emails now say “John Doe: Your GoDaddy Renewal Notice.”
In addition to the subject line, the salutation in the email also includes the registrant’s name. The company previously sent out emails that started “Dear Valued GoDaddy Customer,” which is easier for a hacker to spoof in bulk, untargeted emails sent to thousands of email addresses.
I think this is a smart move, but the company should make this mandatory across the board for all communications with customers. I checked through emails I received from GoDaddy in the past few days, and a few of them did not include my name in the subject line. More surprisingly, an email that was sent for me to verify my email address was addressed to “Dear Valued GoDaddy Customer” instead of my name. When I receive important automated emails, having my name included is the first thing I look at.
I reached out to GoDaddy for comment, and I was told that there are more changes in the works in an effort to thwart phishing attacks. “We have implemented some improvements already, including adding the customer number to emails,” said Elizabeth Driscoll, Vice President of Public Relations at GoDaddy. “We’re also looking at increasing information provided in the email. Within the next quarter, we are planning to address each customer with first and last name. This should make it easier to identify fake emails.”
One very important thing to keep in mind is that while personalizing emails may be one step in combatting phishing attacks on a large scale, “spearphishing” campaigns can still mimic these emails. Hackers may target individual people or companies, and by doing so, they can also personalize the emails to make them appear legitimate.
The best way to prevent phishing is to never click on links within emails. If you suspect that you accidentally clicked a link and logged in to a fake GoDaddy website, report this to GoDaddy Support immediately and be sure to change your password. I recommend enabling 2-factor authentication on your account for added security.
I’m still waiting for GD’s 2-factor authentication to be available outside North America.