I want to share another GoDaddy account phishing email that is playing on the ICANN verification requirements to get people to open the email and possibly click a link to a phishing website. One giveaway is the link to a non-GoDaddy owned website that tries to give people the impression it is associated with the company. The email subject is “Immediate Verification Required” and it may have one of your domain names listed as well.
I won’t mention the website used to avoid giving it publicity, but if you click any links (or paste links into a browser), make sure the website is the one you intend to visit. In addition, the GoDaddy email should have your name or registrant name, and any email requiring action should have a corresponding notification in your account to confirm that it is an outstanding issue.
If you ever have a question about whether or not an email is a phishing email, or if you know it is, you can report a phishing email to GoDaddy very easily and they can confirm.
Here is the content of the email:
As of Dec 1, 2014, the Internet Corporation for Assigned Names and Numbers (ICANN) has mandated that all ICANN accredited registrars begin verifying the WHOIS contact information for all new domain registrations and Registrant contact modifications.
You have registered one or more domains from Godaddy Inc. and verification of the Registrant email address is required for these domain name(s) to remain active. Please click the link below to verify the email address. You have until 01/01/2015 to verify this email address. After this date, the domain name(s) will be suspended until the email address is verified. please cut-and-paste the following URL into an open web browser to complete the verification process:
[link redacted]
Once you click the link, your email address will be instantly verified and there is nothing further for you to do on the following domains:
[redacted]
Sincerely,
GoDaddy, Inc.
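The link check described in the post, as an added example (not part of the original post and not GoDaddy's code): it pulls every link out of an email body and tests whether the host really belongs to the registrar or only borrows its name. It assumes `godaddy.com` is the registrar's legitimate link domain; the hostnames in `SAMPLE` are constructed placeholders, not the site used in the real campaign.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains the registrar actually sends links from. Confirm this
# list against the registrar's own documentation before relying on it.
TRUSTED_DOMAINS = {"godaddy.com"}
BRAND = "godaddy"

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def classify_host(host: str) -> str:
    """Return 'trusted', 'lookalike' or 'unrelated' for a link's hostname."""
    host = host.lower().rstrip(".")
    for domain in TRUSTED_DOMAINS:
        # Exact match or a true subdomain. A bare endswith("godaddy.com")
        # would wrongly accept a host such as "evilgodaddy.com".
        if host == domain or host.endswith("." + domain):
            return "trusted"
    # Brand name appears in a host that is not the registrar's own domain.
    if BRAND in host.replace("-", ""):
        return "lookalike"
    return "unrelated"


def audit_links(body: str) -> list[tuple[str, str]]:
    """Extract every http(s) link from an email body and classify its host."""
    results = []
    for url in URL_RE.findall(body):
        host = urlsplit(url).hostname or ""
        results.append((host, classify_host(host)))
    return results


# Constructed sample, not the real phishing message or its domain.
SAMPLE = """Please cut-and-paste the following URL into an open web browser:
http://godaddy.com.verify-whois.example/confirm?id=123
https://account-go-daddy.example/login
https://sso.godaddy.com/
https://www.icann.org/
"""

if __name__ == "__main__":
    for host, verdict in audit_links(SAMPLE):
        print(f"{verdict:10} {host}")
```

A "lookalike" verdict is the giveaway the post describes; "unrelated" links in a message claiming to be from the registrar deserve the same suspicion.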
Hi Elliot,
I got similar mails two days back on my premium domains. And I accidentally clicked the link. The very next moment, I realized it was a phishing mail and went ahead and changed my GD password and PIN.
And lo, the next day there was a similar mail with the same domain, asking me to click again. This time I have reported to Gmail and GoDaddy.
It's easy to overlook these if you are not diligent. I recommend all those who have indeed clicked the link like me, to change your GD password and PIN.
Thanks Elliot for sharing this. Stay safe.
– Amaresh
Thanks for sharing, Elliot. Appreciate it.
Hello Elliot,
My name is Alex Kogan and I am the owner of HeavenDomains.com.
Unfortunately I was the unlucky one who had an account at godaddy.com and on December 1, I also clicked through this email. After entering my user name and password, I realized there may be an issue with it, and changed my password right away. Somehow two hours later after I logged into my account all my domain names were gone.
Needless to say I have had a difficult last two couple of days, spending a lot of time on the phone with customer service from GoDaddy.com, but I realize there isn’t much they are going to do, so I am hoping someone can give me a pointer on what do I do next.
Here is a list of stolen domain names. They are all now registered at eName in China. Needless to say, please do not purchase them, if they come up for sale.
Elliot, if you can please give me suggestions on what would be my next step, I would really appreciate it. Of course, I filed the GoDaddy form, but I do not realistically believe this will lead to anything positive. I also filed the FBI.gov form, but once again I am sure it will not lead to positive results.
The most expensive domain names on this list are 35.org and 61.org and I would be extremely happy if these two would come back to my account.
Thank you,
Alex Kogan
HeavenDomains.com
Hey Alex,
Sad to hear about your loss. But, strangely, when I clicked the links, it did not ask me to log in to GoDaddy. It just redirected to the home page. Then impulsively I checked the actual domain on the link and found that it was registered this year from someone in China. That’s when I realized it was a phishing attempt and changed the password.
I would say in addition to what you have done, bring the matter on the Domain forums and contact other major Domain Blogs.
Hope you recover your stolen domains soon.
Best,
Amaresh
As a follow up – I think the main issue here is – GoDaddy.com simply allows you to transfer out instantly without waiting 5 business days as most other registrars do.
If they would at least wait 24 hours this would never have happened, as I noticed the issue within 2 hours, but it was too late. While I take full responsibility of clicking through an email link which looked exactly like GoDaddy website, I think a better security system at GoDaddy would solve the issue.
Also, one cannot reach out to their security department for some reason. I have talked numerous times on Monday night and Tuesday to their tech support, but at no time was I able to reach their security staff, and by the time they got back to me (12 hours later) the domain names had been transferred away from GoDaddy. If anyone knows the number for GoDaddy security department, it would be great.
I assume originally they were simply pushed away to a different account at GoDaddy.com and then transferred away from there. In either case, a little 24 hour protection/hold when the registrars are changing would be great.
Thank you everyone who replied. I really appreciate your help in this matter and hope to find solution soon.
Alex Kogan
HeavenDomains.com
Likewise, almost fell for it as well but in the end still hesitated, thankfully..
As this seems to have gotten out of hand, it would make sense to establish a warning platform (be it a specific website or whatever in the sense of HallofShame etc.) for us domainers enabling us to inform all others of the latest phishing attempts/mails circulating around and to have a trusted source to always visit quickly before trusting any future GoDaddy/Namecheap/other registrar mails.
Anyone up for this project/task?
Here is the thing, most domainers have some level of guard, the average mom and pops whose business relies on their single, or small portfolio of domains need to be protected.
Godaddy you have a whole campus of smart minds there, put them together, and come out with a better mousetrap. This is really a joke, these guys can create domains in a minute, send thousands of emails, and rinse, and repeat again, and again.
You need to protect your clients, with a better verification system, ICANN WAKE THE F UP!
I strongly recommend people add 2 factor authentication to their accounts… whether at GoDaddy or other domain registrars.
Sadly Elliot, only US based customers can avail this facility. I have written to GD in the past that it has to be extended to all, but in vain.
-A