GoDaddy WHOIS Verification Email - Beware of Phishing Scam

[ImageAuthors]

Please bump this thread to the top in order to warn people.

BEWARE OF THIS PHISHING SCHEME:

Beware of emails ostensibly from "GoDaddy" with titles like this:

ACTION REQUIRED - Reminder to verify the accuracy of Whois data


Despite the GoDaddy logo and graphics, this appears to be a phishing scam.

You will be directed to a GoDaddy clone website on a domain such as this one:

GoDaddyAuthentication.com

You are prompted to log in, and I'm guessing your password will be used later on to steal your domains.

GoDaddyAuthentication.com shows the following in Whois:

Domain Name: GODADDYAUTHENTICATION.COM
Registrar: NAMEBAY
Whois Server: whois.namebay.com
Referral URL: http://www.namebay.com
Name Server: NS1.ISPFR.NET
Name Server: NS2.ISPFR.NET
Status: ok
Updated Date: 04-jan-2014
Creation Date: 04-jan-2014
Expiration Date: 04-jan-2015
godaddyauthentication.com registrar whois
Updated 1 second ago
Domain Name : GODADDYAUTHENTICATION.COM
Created On : 2014-01-04
Expiration Date : 2015-01-04
Status : ACTIVE
Registrant Name : denis Alain
Registrant Street1 : 26 rue auguste blanche
Registrant City : puteaux
Registrant State/Province :
Registrant Postal Code : 92800
Registrant Country : FR
Admin Name : NUXIT
Admin Street1 : 400 avenue Roumanille
Admin City : Sophia Antipolis
Admin State/Province : FR
Admin Postal Code : 06903
Admin Country : FR
Admin Phone : +33.899563600
Admin Email : [email protected]
Tech Name : NUXIT
Tech Street1 : 400 avenue Roumanille
Tech City : Sophia Antipolis
Tech State/Province : FR
Tech Postal Code : 06903
Tech Country : FR
Tech Phone : +33.899563600
Tech Email : [email protected]
Billing Name : NUXIT
Billing Street1 : 400 avenue Roumanille
Billing City : Sophia Antipolis
Billing State/Province : FR
Billing Postal Code : 06903
Billing Country : FR
Billing Phone : +33.899563600
Billing Email : [email protected]
Name Server : NS1.ISPFR.NET
Name Server : NS2.ISPFR.NET
Registrar Name : Namebay

 

[DNabc]

False ACTION REQUIRED - Reminder to verify the accuracy of Whois data

Please check if you received any email from: [email protected]
(Godaddy doesn't use this address).

Does the email says you need to verify by using OpenID? If yes, it's the same person trying to get the password for your email account.
They will direct you to the domain godaddyauthentication.com , which of course isn't from Godaddy.

I have Two Step authentication factor on gmail so he/she can never enter.

I have reported this to NameBay, Godaddy and Gmail.

 

[Keith]

I got this today. I actually clicked through to the website and then the gmail link. I did NOT continue and enter my username and password. Hoping I'll be alright!

 

[DNabc]

I've seen the code of their website and I think that if they don't have your password you are fine.
If your email provider has a phishing report please use it.

 

[Keith]

I've seen the code of their website and I think that if they don't have your password you are fine.
If your email provider has a phishing report please use it.

I went ahead and changed my passwords for my email and godaddy just to be safe. Thanks for the heads up!

 

[DNabc]

At Godaddy, US customers can also activate the Two Step auth factor (sms login verification).

 

[Keral_Patel]

Have changed the Title and Stickied it for somedays so all members can take a note of this and less damage is done.

Thanks

 

[DNabc]

This morning I reported this to all related companies but being a weekend...

 

[tommedema]

I got this as well. I was surprised that Google (I use Gmail) didn't mark it as SPAM/Phising.

 

[NLP]

There is mass confusion surrounding this, because GoDaddy (per new ICANN policies) is also sending out legitimate one-time verification emails upon the registration of a new domain.

http://domaingang.com/domain-news/domain-registrations-godaddy-now-confirms-your-email/

The one I got had a green header. Because the wording was a little different of previous GD emails, I was suspicious, so I called GoDaddy and spoke to two reps before clicking it.

This is very confusing, though, so I'm not sure how people are going to know if what they got was legitimate or not (other than checking the IP and mousing over the links in the emails (without clicking) to see where they point to.

 

[Bannen]

I've received the legit GD verification email, but not the phishing one (yet). The legit one doesn't ask you to log in, it gives you a button to click to 'verify'. Once you click the button, it's verified.

There's no reason to log in to GD to do this verification so if the email asks you to login for it, it's a phishing attempt to grab your login details.

In short:
- 'Verify' button ONLY= okay to click in this email.
- Login to verify = phishing. DO NOT login to verify any GD domain or click on any buttons in an email that asks you to login to verify. Everything in this email is suspect.

 

[Ms Domainer]

*

I have posted a note on Go Daddy's Facebook page and sent a note to my rep about this.

Not good!

*

 

[gmd]

Just for security concern, should we change our godaddy password? The most concerning is the info and the payment details stored.

 

[DNabc]

Those ... sent another email, asking people to deactivate Gmail's two step authentication! The nerve!

Second Alert : ERROR - Turn off 2-step verification

Error : 2-Step verification

Solution : Turn off 2-step verification

https://support.google.com/accounts/answer/1064203?hl=en

 

[NameOmnia]

Thank you very much for posting this thread. I will definitely pay more attention from now.
I also posted it on their FB Page and I twitted it.

 

[NameOmnia]

wow...I am upset. Hopefully Godaddy will do something now and stop them.

This link should help recognizing the real email from the fake one

http://domainshane.com/this-is-why-the-godaddy-scams-are-working-one-is-real-one-is-fake/?7061212=1

 

[DNabc]

gmd: Did you enter your password on their page? If not they cannot get it.

photonmymind: Godaddy is aware of this. It's Namebay that needs to shutdown the domain.

 

[NameOmnia]

I see. This link should help recognizing the real and the fake email

http://domainshane.com/this-is-why-the-godaddy-scams-are-working-one-is-real-one-is-fake/?7061212=1

 

[lennco]

At Godaddy, US customers can also activate the Two Step auth factor (sms login verification).

They need a better 2 step auth.
I log into GD probably 20 times a day since the system logs me out after about 15 minutes of inactivity. It would literally drive me crazy to have to wait for a text and enter a new code every single time I want to log in.

And if I am watching and bidding on an auction and have to wait for a code, I could miss some auctions in the last few seconds.

If the code was good for like 4hrs at a time then it would be good to use.

 

[Keith]

They need a better 2 step auth.
I log into GD probably 20 times a day since the system logs me out after about 15 minutes of inactivity.

Just download the app and select "remember me".