GoDaddy WHOIS Verification Email - Beware of Phishing Scam

ImageAuthors · Jan 4, 2014

Please bump this thread to the top in order to warn people.

BEWARE OF THIS PHISHING SCHEME:

Beware of emails ostensibly from "GoDaddy" with titles like this:

ACTION REQUIRED - Reminder to verify the accuracy of Whois data

Despite the GoDaddy logo and graphics, this appears to be a phishing scam.

You will be directed to a GoDaddy clone website on a domain such as this one:

GoDaddyAuthentication.com

You are prompted to log in, and I'm guessing your password will be used later on to steal your domains.

GoDaddyAuthentication.com shows the following in Whois:

Domain Name: GODADDYAUTHENTICATION.COM
Registrar: NAMEBAY
Whois Server: whois.namebay.com
Referral URL: http://www.namebay.com
Name Server: NS1.ISPFR.NET
Name Server: NS2.ISPFR.NET
Status: ok
Updated Date: 04-jan-2014
Creation Date: 04-jan-2014
Expiration Date: 04-jan-2015
godaddyauthentication.com registrar whois
Updated 1 second ago
Domain Name : GODADDYAUTHENTICATION.COM
Created On : 2014-01-04
Expiration Date : 2015-01-04
Status : ACTIVE
Registrant Name : denis Alain
Registrant Street1 : 26 rue auguste blanche
Registrant City : puteaux
Registrant State/Province :
Registrant Postal Code : 92800
Registrant Country : FR
Admin Name : NUXIT
Admin Street1 : 400 avenue Roumanille
Admin City : Sophia Antipolis
Admin State/Province : FR
Admin Postal Code : 06903
Admin Country : FR
Admin Phone : +33.899563600
Admin Email : [email protected]
Tech Name : NUXIT
Tech Street1 : 400 avenue Roumanille
Tech City : Sophia Antipolis
Tech State/Province : FR
Tech Postal Code : 06903
Tech Country : FR
Tech Phone : +33.899563600
Tech Email : [email protected]
Billing Name : NUXIT
Billing Street1 : 400 avenue Roumanille
Billing City : Sophia Antipolis
Billing State/Province : FR
Billing Postal Code : 06903
Billing Country : FR
Billing Phone : +33.899563600
Billing Email : [email protected]
Name Server : NS1.ISPFR.NET
Name Server : NS2.ISPFR.NET
Registrar Name : Namebay

DNabc · Jan 4, 2014

False ACTION REQUIRED - Reminder to verify the accuracy of Whois data

Please check if you received any email from: [email protected]
(Godaddy doesn't use this address).

Does the email says you need to verify by using OpenID? If yes, it's the same person trying to get the password for your email account.
They will direct you to the domain godaddyauthentication.com , which of course isn't from Godaddy.

I have Two Step authentication factor on gmail so he/she can never enter.

I have reported this to NameBay, Godaddy and Gmail.

Keith · Jan 4, 2014

I got this today. I actually clicked through to the website and then the gmail link. I did NOT continue and enter my username and password. Hoping I'll be alright!

DNabc · Jan 4, 2014

I've seen the code of their website and I think that if they don't have your password you are fine.
If your email provider has a phishing report please use it.

Keith · Jan 4, 2014

DNabc said:
I've seen the code of their website and I think that if they don't have your password you are fine.
If your email provider has a phishing report please use it.

I went ahead and changed my passwords for my email and godaddy just to be safe. Thanks for the heads up!

DNabc · Jan 4, 2014

At Godaddy, US customers can also activate the Two Step auth factor (sms login verification).

Keral_Patel · Jan 4, 2014

Have changed the Title and Stickied it for somedays so all members can take a note of this and less damage is done.

Thanks

DNabc · Jan 4, 2014

This morning I reported this to all related companies but being a weekend...

tommedema · Jan 4, 2014

I got this as well. I was surprised that Google (I use Gmail) didn't mark it as SPAM/Phising.

NLP · Jan 4, 2014

There is mass confusion surrounding this, because GoDaddy (per new ICANN policies) is also sending out legitimate one-time verification emails upon the registration of a new domain.

http://domaingang.com/domain-news/domain-registrations-godaddy-now-confirms-your-email/

The one I got had a green header. Because the wording was a little different of previous GD emails, I was suspicious, so I called GoDaddy and spoke to two reps before clicking it.

This is very confusing, though, so I'm not sure how people are going to know if what they got was legitimate or not (other than checking the IP and mousing over the links in the emails (without clicking) to see where they point to.

Bannen · Jan 4, 2014

I've received the legit GD verification email, but not the phishing one (yet). The legit one doesn't ask you to log in, it gives you a button to click to 'verify'. Once you click the button, it's verified.

There's no reason to log in to GD to do this verification so if the email asks you to login for it, it's a phishing attempt to grab your login details.

In short:
- 'Verify' button ONLY= okay to click in this email.
- Login to verify = phishing. DO NOT login to verify any GD domain or click on any buttons in an email that asks you to login to verify. Everything in this email is suspect.

Ms Domainer · Jan 4, 2014

*

I have posted a note on Go Daddy's Facebook page and sent a note to my rep about this.

Not good!

*

gmd · Jan 4, 2014

Just for security concern, should we change our godaddy password? The most concerning is the info and the payment details stored.

DNabc · Jan 4, 2014

Those ... sent another email, asking people to deactivate Gmail's two step authentication! The nerve!

Second Alert : ERROR - Turn off 2-step verification

Error : 2-Step verification

Solution : Turn off 2-step verification

https://support.google.com/accounts/answer/1064203?hl=en

NameOmnia · Jan 4, 2014

Thank you very much for posting this thread. I will definitely pay more attention from now.
I also posted it on their FB Page and I twitted it.

NameOmnia · Jan 4, 2014

wow...I am upset. Hopefully Godaddy will do something now and stop them.

This link should help recognizing the real email from the fake one

http://domainshane.com/this-is-why-the-godaddy-scams-are-working-one-is-real-one-is-fake/?7061212=1

DNabc · Jan 4, 2014

gmd: Did you enter your password on their page? If not they cannot get it.

photonmymind: Godaddy is aware of this. It's Namebay that needs to shutdown the domain.

NameOmnia · Jan 4, 2014

I see. This link should help recognizing the real and the fake email

http://domainshane.com/this-is-why-the-godaddy-scams-are-working-one-is-real-one-is-fake/?7061212=1

lennco · Jan 4, 2014

DNabc said:
At Godaddy, US customers can also activate the Two Step auth factor (sms login verification).

They need a better 2 step auth.
I log into GD probably 20 times a day since the system logs me out after about 15 minutes of inactivity. It would literally drive me crazy to have to wait for a text and enter a new code every single time I want to log in.

And if I am watching and bidding on an auction and have to wait for a code, I could miss some auctions in the last few seconds.

If the code was good for like 4hrs at a time then it would be good to use.

Keith · Jan 4, 2014

lennco said:
They need a better 2 step auth.
I log into GD probably 20 times a day since the system logs me out after about 15 minutes of inactivity.

Just download the app and select "remember me".

DNabc · Jan 4, 2014

Even for them it's better to use the "remember me" option, and save the confirmation info on a cookie at our computer, than sending a new text message everytime we login.

Archangel · Jan 4, 2014

I regged 2 domains (for a project of mine) & was told both After regging the 1st, I got this:

Dear Valued GoDaddy Customer,

We noticed that you need to verify your email address. To do so, simply click the button below. Without timely verification, you can't fully manage your domain, and we'll be required to put any hosted content on hold.

This doesn't sound very professional. It says it was sent by support@godaddy but I haven't looked in the head to verify it. Funny: this was sent about 1 min after the reg, but I wasn't given a similar email after the 2nd reg. I'm not saying this is a phishing thing but it's suspicious, as I've registered well over 100 domains in my life and had never received an email like this. I'll refrain from clicking on the link in it. I've read too many stories lately of ppl getting hacked.

Anyone else get this email?

DNabc · Jan 5, 2014

If they don't ask you to login, and you haven't verified your email this year, then it's correct. Just make sure the website is really Godaddy.com

You only have to verify your email address once.

This just started in 2014

http://support.godaddy.com/help/article/8948/verifying-contact-information-for-icann-validation

We teach people that it isn't safe to click on email links and now they make this mandatory or the domain will be suspended?

-EM- · Jan 5, 2014

Remember, all the godaddy emails will have a direct user name + surname of the respective customer opening email!
Correct:
Dear Name Surname

Scam:
Dear user,
Dear customer,
Dear godaddy customer,
etc

DNabc · Jan 5, 2014

That can be easily done, especially if they are targetting less people but with lots of names.

GoDaddy WHOIS Verification Email - Beware of Phishing Scam

Account Closed (Disallowed)

Top Member

Top Member

Top Member

Top Member

Top Member

I'll do itRestricted (Chatroom)

Top Member

Established Member

Top Member

Don't say Huh? too much; pretend you understand.Top Member

Top Member

Established Member

Top Member

In DisguiseTop Member

In DisguiseTop Member

Top Member

In DisguiseTop Member

Top Member

Top Member

Top Member

randypendleton.comTop Member

Top Member

Top Member

Top Member

Similar threads

We're social

Pinned

Appreciation

Agreement