Phishing via GoDaddy Discount Email


I was going through my spam email folder this morning to see if Gmail inadvertently marked legitimate email as spam, and I wanted to warn you about something that appears to be another GoDaddy phishing attempt masking as a discount offer. You’ll recall that last month there was a GoDaddy Whois verification phishing email ¬†that went around.

There were five things that indicated to me that this was not a real GoDaddy email:

  • Gmail marked it as spam, meaning they identified something within the email that indicated it did not originate at GoDaddy.
  • The email was not personally addressed to me, although someone could easily change that and attempt to spearphish me or someone else.
  • The subject and content were a bit different.
  • Hovering over links showed the links did not go directly to Instead, they used a url shortener, and I did not click through to see where the destination was.
  • Poor grammar.

If you happen to receive an email like this or something else you suspect to be a phishing email from GoDaddy, you might take the time to report it to GoDaddy to help prevent others from falling prey. Not only can you help protect someone from having their domain name stolen, but you can help keep stolen domain names off of the aftermarket.

There are plenty of GoDaddy discount codes and coupons out there, but this special offer email doesn’t appear to be one. As always, when you receive any email that requires you to click through to take advantage, be 100% certain the email is from who you think it is from and the link goes directly to the company’s website.


  1. Good advice that would apply to any email containing a link.. Some of these emails look very real using the exact format, images etc, Always be cautious, it’s not just bank accounts phishers are going after, it’s domain hijackers who use phishing as a means of accessing your domains as Elliot points out.

    And they go after the most vulnerable Registrars, the ones that don’t require security questions to modify your domains, your account or transfer out, I haven’t changed my email there in years, so I’m uncertain if they send a verification to the original email address, if not, your email can be easily compromised, then it’s Christmas at the Phishers house.

  2. Good catch, Elliot!

    There are a bunch of these phishing emails making the rounds. Many of them appear to be from the same people. But there are bound to be multiple scammers and scams out there.

    Most that I’ve seen target GoDaddy, which isn’t surprising. After all, GoDaddy is the biggest target out there. Yet I’m actually more concerned about scams that target other registrars. GoDaddy can put extra security layers in place for customers who choose to exercise that option. Yet many smaller registrars don’t have such capabilities.

    Many of us have domains in our portfolio scattered around a couple dozen different registrars. Be careful — not just with the highly-targeted big registrars like GoDaddy … but also with the smaller registrars you may use less frequently and be less familiar with.

Leave a Reply