Whenever I receive an email from GoDaddy that does not look like a standard GoDaddy email, it gets my guard up. Phishing and spearphishing are big problems, and I regularly see GoDaddy spoof emails. My email hosting provider catches most of them and automatically marks them as spam / junk, so I don’t see many of them in my inbox.

Earlier this week, I received an email from “GoDaddy Alerts” as the sender with an email address of alerts@godaddy.com. The email was a notification that my nameservers had been updated. I had not received an email from the email address or the sender prior to receiving this one.

The Attorney General’s Office from the State of New York (NYAG) sent a letter to GoDaddy regarding coronavirus domain names being registered for various scams and schemes. The letter, sent on NY Attorney General Letitia James’ letterhead, was sent this past Friday. The letter is posted in a .pdf file on the NYAG’s website.

According to the letter, “The Office of the New York Attorney General (NYAG) is investigating the registration and use of coronavirus-related domains for the purposes of deceptive advertising, phishing schemes and malware dissemination.” Although the letter does not specifically mention that some of these domain names are registered at GoDaddy, I would imagine this is probably the case since GoDaddy is the largest domain registrar in the world.

The NYAG is requesting that GoDaddy contact the NYAG’s office “to discuss how GoDaddy is protecting New Yorkers and others across the country from these scams.” The NYAG suggested some actions it would like to discuss with GoDaddy:

One of the best ways domain name owners can secure their registrar accounts is to enable two factor authentication within their domain registrar accounts. GoDaddy is one of the major registrars that offers 2 factor authentication for its customers, although the company has not offered it to international clients until today.

I was informed that GoDaddy is now offering its international clients the ability to add this additional security measure to their accounts as of today. When the domain owner logs into his or her domain registrar account with a password, they are prompted to enter a unique code that is sent via text message to the domain owner. This is a free service now offered to all GoDaddy customers throughout the world (users may have to pay for text messages depending on their mobile device service).

Paul Nicks, GoDaddy’s Aftermarket General Manager, commented on this change:

Just a head’s up that it appears a fake GoDaddy coupon email may be making the rounds. The subject of today’s email is “Get 32% OFF your order – no minimum.” When you hover over the links in the email, you’ll notice a Goo.gl url shortener is used for the redirect instead of a GoDaddy.com url, which would most likely be used if the email was legitimate.

I hesitate to call this a phishing email because it seems that the url takes the visitor to some sort of affiliate page within the GoDaddy website, although I didn’t investigate further. My guess is that it’s someone who is trying to get affiliate credit somehow, although I think it’s pretty shady that the “from” field says “Godaddy.com” and the email address is noreply@godaddy.com. It could also potentially be