GoDaddy “Universal TOS” Phishing Attempt


Email spam filters have gotten pretty good at catching phishing attempts. Most of the time, phishing emails are caught and or blocked by email providers and never even seen by the intended recipient. In some cases, the emails make it to the user’s inbox but are marked as spam / junk. This helps prevent phishing, but it’s not foolproof, and phishing or spearphishing are not always obvious.

I want to share a spoof GoDaddy email that seems to be making the rounds. From what I can gather, this is a spoofed email phishing attempt that is NOT from GoDaddy despite the appearance of being a GoDaddy. People who visit the link and enter their GoDaddy account information are at a major risk to have their GoDaddy account hacked.

GoDaddy customers (and customers of other registrars for that matter) should have two factor authentication turned on to help secure their account. GoDaddy now allows customers to use a YubiKey for 2 factor authentication, and other registrars also have 2FA options.

Here is the email going around:

Subject: Universal Terms of Service Agreement have expired.


Universal Terms of Service Agreement
One or more items in our Universal Terms of Service Agreement have expired. Agree the updated Terms today to avoid any disruption of services.
Dear user, some elements of our Universal Terms of Service Agreement (ToS) have been modified for better service use. But don’t worry, you can still use your services after you read and agree the new ToS.

Continue >>

Please do not reply to this email, as responses to this message will not be answered.

GoDaddy Support

It is of utmost importance that you are sure an email is actually from the proported sender before clicking any links. I like to directly navigate to a registrar’s website any time I receive an email where action is required.

Leave a Reply