I’ve written a number of articles about phishing attempts made to induce GoDaddy customers to give up their login credentials. I think phishing is one of the leading causes of domain name theft, and it appears to have reached a crescendo in the last year. It seems that domain theft isn’t the only objective of phishing attackers.
Jeremy Kirk published an article on CIO.com warning that attackers are using hijacked domain registrar accounts to infect computers with malware. “Hundreds of hacked domain name accounts registered through GoDaddy are being used as part of a highly effective campaign using the Angler exploit kit to infect computers with malware,” wrote Kirk. The article cited a blog post written by Nick Biasini, an outreach engineer with Cisco Systems.
Kirk went on to explain what is happening with the subdomains:
“An Angler attack starts when someone views a malicious advertisement. That advertisement then redirects the person to one of the hacked subdomains, which either delivers the exploit kit or redirects to another website hosting the kit.”
Based on my understanding of this, it does not seem like the issue is uniquely associated with GoDaddy. My understanding is that because GoDaddy has the largest customer base, phishing attacks typically target GoDaddy customers more regularly. If the recipient is not able to distinguish a phishing email from a legitimate communication, they may give up their information unknowingly.
It’s important that GoDaddy customers and customers of other domain registrars use two-factor authentication or other security measures offered by the registrar. Based on this article, it is clear that domain name theft is not the only phishing-related issue one needs to be concerned about.
If you receive an email you believe is a phishing attempt, you should consider reporting it to GoDaddy. This can help the company thwart the attack and save others from falling prey to it.