Like every other domain registrar, Go Daddy is required to send domain name owners an annual email for each domain registration per ICANN regulations. These emails ensure that the registrant’s Whois information is accurate. GoDaddy also sends customers emails for renewals and account updates.
Some nefarious individuals take advantage of this, and they spoof Go Daddy’s emails, in the hopes that a domain registrant will click one of the fraudulent links and type in their GoDaddy account and password, giving account access away to the thief. This is one way domain names are stolen from Go Daddy accounts and from other domain name registrars.
I’ve received phishing emails like this in the past, and I generally delete them without clicking on the link to avoid giving any information to these thieves and to avoid landing on a website laden with malware. Although hitting the delete button (and/or reporting the email as phishing with your email provider) is probably the safest way to dispose of an email like this, recipients can do something that will be more helpful to GoDaddy and other customers.
If you receive what you suspect is a fraudulent email from Go Daddy, you should file an abuse report with the company. They will ask for a variety of information from the email you received. This will help the company track down the thieves and become aware of the attempt. This can also help Go Daddy get the website shut down to prevent others from falling prey to this scam.
Domain owners should know that this doesn’t only happen at Go Daddy, as other registrar accounts are also targets. If you receive a phishing or malware email that purports to be from GoDaddy, you should report it to the company.