GoDaddy Phishing

Imagine my surprise at having a bill from GoDaddy for over $300! Well, it isn’t as simple as that, and if you get email from GoDaddy, it’s probably phishing.

I had to look twice because I have client sites on GoDaddy. I have several domains there, and this could feasibly have been a client ordering more domains on their account, through my account.

But after a second look, this seemed really phishy … and is. When I looked in my SpamCop “held” box, there were several others. Within the following 8 hours I received a total of 16 more…

[Image: spam list in SpamCop shows several from GoDaddy]

Notice also, just below the GoDaddy entries are two from DIGG. Those are phishing attempts as well.

[Image: this is the HTML email when viewed as 'page' ... very convincing GoDaddy promo]

However, peeking at the code of the email, it’s plain to see this is an attempt to break into my account. The target web site is owned by a cyber criminal located in the Ukraine, clearly hosted on servers in Kyiv.

Other tell-tale clues were: I would never use a login name like this, and I always generate iron-clad passwords. Plus, I would never purchase that many domains or services without knowing about them. But according to GoDaddy, the phishing attack went to hundreds of thousands of people who are NOT GoDaddy users or owners. So they would have been trapped in the drag-net thinking something was wrong.

I alerted GoDaddy, and got this response:

“Thank you for contacting GoDaddy.com Spam and Abuse Department.
What you have received is part of a phishing attack against GoDaddy customers. Earlier this afternoon we were alerted to emails going out that were made to look like they came from GoDaddy. This appears to have been a blanket attack sent to both customers and non-customers of GoDaddy.com.
We appreciate your notification and we have contacted the hosting provider. At this time, the site in question has been disabled.”

I reported them all to SpamCop, and since, even the images that were hosted at www.Imageshack.com have been eliminated.

This is another good lesson to always be on guard for email that may harm you.
Always look for the sender’s address, and
Always look for things that aren’t right.
Always change passwords: more important, more frequently
Use an iron-clad password generator like
      www.goodpassword.com or
      strongpasswordgenerator.com

Above all, tweet this, share this, favor this … there is still a real need to educate your members, friends, family and business community. One good way of doing this is with the “Don’t Click” button. Please show this button on your web site, and link to your favorite anti-spam site.

[Image: Help fight cyber crime by buying, showing and giving away the Don't Click buttons]

This way you’re spreading the word to be careful online!
You might be responsible for saving someone from becoming a cyber crime victim!

Thanks for reading…

Fred Showker

Editor / Publisher: InfoManager