NameSilo

Godaddy WHOIS Verification Email - Beware of Phishing Scam

Located in General Domain Discussion, started by ImageAuthors, Jan 4, 2014

Replies:
44
Views:
7,635

  1. ImageAuthors

    ImageAuthors Account Closed (Disallowed)

    Posts:
    1,056
    Likes Received:
    476
    Please bump this thread to the top in order to warn people.

    BEWARE OF THIS PHISHING SCHEME:

    Beware of emails ostensibly from "GoDaddy" with titles like this:

    ACTION REQUIRED - Reminder to verify the accuracy of Whois data


    Despite the GoDaddy logo and graphics, this appears to be a phishing scam.

    You will be directed to a GoDaddy clone website on a domain such as this one:

    GoDaddyAuthentication.com

    You are prompted to log in, and I'm guessing your password will be used later on to steal your domains.

    GoDaddyAuthentication.com shows the following in Whois:

    Domain Name: GODADDYAUTHENTICATION.COM
    Registrar: NAMEBAY
    Whois Server: whois.namebay.com
    Referral URL: http://www.namebay.com
    Name Server: NS1.ISPFR.NET
    Name Server: NS2.ISPFR.NET
    Status: ok
    Updated Date: 04-jan-2014
    Creation Date: 04-jan-2014
    Expiration Date: 04-jan-2015
    godaddyauthentication.com registrar whois
    Updated 1 second ago
    Domain Name : GODADDYAUTHENTICATION.COM
    Created On : 2014-01-04
    Expiration Date : 2015-01-04
    Status : ACTIVE
    Registrant Name : denis Alain
    Registrant Street1 : 26 rue auguste blanche
    Registrant City : puteaux
    Registrant State/Province :
    Registrant Postal Code : 92800
    Registrant Country : FR
    Admin Name : NUXIT
    Admin Street1 : 400 avenue Roumanille
    Admin City : Sophia Antipolis
    Admin State/Province : FR
    Admin Postal Code : 06903
    Admin Country : FR
    Admin Phone : +33.899563600
    Admin Email : [email protected]
    Tech Name : NUXIT
    Tech Street1 : 400 avenue Roumanille
    Tech City : Sophia Antipolis
    Tech State/Province : FR
    Tech Postal Code : 06903
    Tech Country : FR
    Tech Phone : +33.899563600
    Tech Email : [email protected]
    Billing Name : NUXIT
    Billing Street1 : 400 avenue Roumanille
    Billing City : Sophia Antipolis
    Billing State/Province : FR
    Billing Postal Code : 06903
    Billing Country : FR
    Billing Phone : +33.899563600
    Billing Email : [email protected]
    Name Server : NS1.ISPFR.NET
    Name Server : NS2.ISPFR.NET
    Registrar Name : Namebay
     
    The views expressed on this page by users and staff are their own, not those of NamePros.
  2. DNabc

    DNabc Established Member ★★★★★★★★★★

    Posts:
    678
    Likes Received:
    156
    False ACTION REQUIRED - Reminder to verify the accuracy of Whois data

    Please check if you received any email from: [email protected]
    (Godaddy doesn't use this address).

    Does the email says you need to verify by using OpenID? If yes, it's the same person trying to get the password for your email account.
    They will direct you to the domain godaddyauthentication.com , which of course isn't from Godaddy.

    I have Two Step authentication factor on gmail so he/she can never enter.

    I have reported this to NameBay, Godaddy and Gmail.
     
  3. Keith

    Keith Top Contributor VIP ★★★★★★★★★★

    Posts:
    9,151
    Likes Received:
    10,100
    I got this today. I actually clicked through to the website and then the gmail link. I did NOT continue and enter my username and password. Hoping I'll be alright!
     
  4. DNabc

    DNabc Established Member ★★★★★★★★★★

    Posts:
    678
    Likes Received:
    156
    I've seen the code of their website and I think that if they don't have your password you are fine.
    If your email provider has a phishing report please use it.
     
  5. Keith

    Keith Top Contributor VIP ★★★★★★★★★★

    Posts:
    9,151
    Likes Received:
    10,100
    I went ahead and changed my passwords for my email and godaddy just to be safe. Thanks for the heads up!
     
  6. DNabc

    DNabc Established Member ★★★★★★★★★★

    Posts:
    678
    Likes Received:
    156
    At Godaddy, US customers can also activate the Two Step auth factor (sms login verification).
     
  7. Keral_Patel

    Keral_Patel I'll do it

    Posts:
    10,170
    Likes Received:
    1,594
    Have changed the Title and Stickied it for somedays so all members can take a note of this and less damage is done.

    Thanks :)
     
  8. DNabc

    DNabc Established Member ★★★★★★★★★★

    Posts:
    678
    Likes Received:
    156
    This morning I reported this to all related companies but being a weekend...
     
  9. tommedema

    tommedema Established Member

    Posts:
    22
    Likes Received:
    4
    I got this as well. I was surprised that Google (I use Gmail) didn't mark it as SPAM/Phising.
     
  10. NLP

    NLP Top Contributor VIP ★★★★★★★★★★

    Posts:
    807
    Likes Received:
    560
    There is mass confusion surrounding this, because GoDaddy (per new ICANN policies) is also sending out legitimate one-time verification emails upon the registration of a new domain.

    http://domaingang.com/domain-news/domain-registrations-godaddy-now-confirms-your-email/

    The one I got had a green header. Because the wording was a little different of previous GD emails, I was suspicious, so I called GoDaddy and spoke to two reps before clicking it.

    This is very confusing, though, so I'm not sure how people are going to know if what they got was legitimate or not (other than checking the IP and mousing over the links in the emails (without clicking) to see where they point to.
     
  11. Bannen

    Bannen Don't say Huh? too much; pretend you understand. VIP ★★★★★★★★★★

    Posts:
    3,594
    Likes Received:
    3,159
    I've received the legit GD verification email, but not the phishing one (yet). The legit one doesn't ask you to log in, it gives you a button to click to 'verify'. Once you click the button, it's verified.

    There's no reason to log in to GD to do this verification so if the email asks you to login for it, it's a phishing attempt to grab your login details.

    In short:
    - 'Verify' button ONLY= okay to click in this email.
    - Login to verify = phishing. DO NOT login to verify any GD domain or click on any buttons in an email that asks you to login to verify. Everything in this email is suspect.
     
    Last edited: Jan 4, 2014
  12. Ms Domainer

    Ms Domainer Top Contributor VIP ★★★★★★★★★★

    Posts:
    4,949
    Likes Received:
    3,064
    *

    I have posted a note on Go Daddy's Facebook page and sent a note to my rep about this.

    Not good!

    *
     
  13. gmd

    gmd Established Member

    Posts:
    889
    Likes Received:
    101
    Just for security concern, should we change our godaddy password? The most concerning is the info and the payment details stored.
     
  14. DNabc

    DNabc Established Member ★★★★★★★★★★

    Posts:
    678
    Likes Received:
    156
    Those ... sent another email, asking people to deactivate Gmail's two step authentication! The nerve!

    Second Alert : ERROR - Turn off 2-step verification

    Error : 2-Step verification

    Solution : Turn off 2-step verification

    https://support.google.com/accounts/answer/1064203?hl=en
     
  15. NameOmnia

    NameOmnia alea iacta est VIP

    Posts:
    6,276
    Likes Received:
    7,066
    Thank you very much for posting this thread. I will definitely pay more attention from now.
    I also posted it on their FB Page and I twitted it.
     
  16. NameOmnia

    NameOmnia alea iacta est VIP

    Posts:
    6,276
    Likes Received:
    7,066
    Last edited: Jan 4, 2014
  17. DNabc

    DNabc Established Member ★★★★★★★★★★

    Posts:
    678
    Likes Received:
    156
    gmd: Did you enter your password on their page? If not they cannot get it.

    photonmymind: Godaddy is aware of this. It's Namebay that needs to shutdown the domain.
     
  18. NameOmnia

    NameOmnia alea iacta est VIP

    Posts:
    6,276
    Likes Received:
    7,066
  19. lennco

    lennco Top Contributor VIP ★★★★★★★★★★

    Posts:
    6,188
    Likes Received:
    6,659
    They need a better 2 step auth.
    I log into GD probably 20 times a day since the system logs me out after about 15 minutes of inactivity. It would literally drive me crazy to have to wait for a text and enter a new code every single time I want to log in.

    And if I am watching and bidding on an auction and have to wait for a code, I could miss some auctions in the last few seconds.

    If the code was good for like 4hrs at a time then it would be good to use.
     
  20. Keith

    Keith Top Contributor VIP ★★★★★★★★★★

    Posts:
    9,151
    Likes Received:
    10,100
    Just download the app and select "remember me".
     
  21. DNabc

    DNabc Established Member ★★★★★★★★★★

    Posts:
    678
    Likes Received:
    156
    Even for them it's better to use the "remember me" option, and save the confirmation info on a cookie at our computer, than sending a new text message everytime we login.
     
  22. Archangel

    Archangel randypendleton.com VIP ★★★★★★★★★★

    Posts:
    10,527
    Likes Received:
    1,844
    I regged 2 domains (for a project of mine) & was told both After regging the 1st, I got this:

    This doesn't sound very professional. It says it was sent by [email protected] but I haven't looked in the head to verify it. Funny: this was sent about 1 min after the reg, but I wasn't given a similar email after the 2nd reg. I'm not saying this is a phishing thing but it's suspicious, as I've registered well over 100 domains in my life and had never received an email like this. I'll refrain from clicking on the link in it. I've read too many stories lately of ppl getting hacked.

    Anyone else get this email?
     
  23. DNabc

    DNabc Established Member ★★★★★★★★★★

    Posts:
    678
    Likes Received:
    156
    Last edited: Jan 5, 2014
  24. -EM-

    -EM- Top Contributor VIP ★★★★★★★★★★

    Posts:
    3,833
    Likes Received:
    1,878
    Remember, all the godaddy emails will have a direct user name + surname of the respective customer opening email!
    Correct:
    Dear Name Surname

    Scam:
    Dear user,
    Dear customer,
    Dear godaddy customer,
    etc
     
  25. DNabc

    DNabc Established Member ★★★★★★★★★★

    Posts:
    678
    Likes Received:
    156
    That can be easily done, especially if they are targetting less people but with lots of names.
     

Want to reply or ask your own question?

It only takes a minute to sign up – and it's free!
Topics / Tags:
NameWorth
  1. NamePros uses cookies and similar technologies. By using this site, you are agreeing to our privacy policy, terms, and use of cookies.
    Dismiss Notice
Loading...