GoDaddy WHOIS Verification Email - Beware of Phishing Scam


ImageAuthors

Please bump this thread to the top in order to warn people.

BEWARE OF THIS PHISHING SCHEME:

Beware of emails ostensibly from "GoDaddy" with titles like this:

ACTION REQUIRED - Reminder to verify the accuracy of Whois data


Despite the GoDaddy logo and graphics, this appears to be a phishing scam.

You will be directed to a GoDaddy clone website on a domain such as this one:

GoDaddyAuthentication.com

You are prompted to log in, and I'm guessing your password will be used later on to steal your domains.

GoDaddyAuthentication.com shows the following in Whois:

Domain Name: GODADDYAUTHENTICATION.COM
Registrar: NAMEBAY
Whois Server: whois.namebay.com
Referral URL: http://www.namebay.com
Name Server: NS1.ISPFR.NET
Name Server: NS2.ISPFR.NET
Status: ok
Updated Date: 04-jan-2014
Creation Date: 04-jan-2014
Expiration Date: 04-jan-2015
godaddyauthentication.com registrar whois
Updated 1 second ago
Domain Name : GODADDYAUTHENTICATION.COM
Created On : 2014-01-04
Expiration Date : 2015-01-04
Status : ACTIVE
Registrant Name : denis Alain
Registrant Street1 : 26 rue auguste blanche
Registrant City : puteaux
Registrant State/Province :
Registrant Postal Code : 92800
Registrant Country : FR
Admin Name : NUXIT
Admin Street1 : 400 avenue Roumanille
Admin City : Sophia Antipolis
Admin State/Province : FR
Admin Postal Code : 06903
Admin Country : FR
Admin Phone : +33.899563600
Admin Email : [email protected]
Tech Name : NUXIT
Tech Street1 : 400 avenue Roumanille
Tech City : Sophia Antipolis
Tech State/Province : FR
Tech Postal Code : 06903
Tech Country : FR
Tech Phone : +33.899563600
Tech Email : [email protected]
Billing Name : NUXIT
Billing Street1 : 400 avenue Roumanille
Billing City : Sophia Antipolis
Billing State/Province : FR
Billing Postal Code : 06903
Billing Country : FR
Billing Phone : +33.899563600
Billing Email : [email protected]
Name Server : NS1.ISPFR.NET
Name Server : NS2.ISPFR.NET
Registrar Name : Namebay
 
6
•••
False ACTION REQUIRED - Reminder to verify the accuracy of Whois data

Please check if you received any email from: [email protected]
(Godaddy doesn't use this address).

Does the email say you need to verify by using OpenID? If yes, it's the same person trying to get the password for your email account.
They will direct you to the domain godaddyauthentication.com, which of course isn't from Godaddy.

I have Two Step authentication factor on gmail so he/she can never enter.

I have reported this to NameBay, Godaddy and Gmail.
 
5
•••
I've received the legit GD verification email, but not the phishing one (yet). The legit one doesn't ask you to log in, it gives you a button to click to 'verify'. Once you click the button, it's verified.

There's no reason to log in to GD to do this verification so if the email asks you to login for it, it's a phishing attempt to grab your login details.

In short:
- 'Verify' button ONLY= okay to click in this email.
- Login to verify = phishing. DO NOT login to verify any GD domain or click on any buttons in an email that asks you to login to verify. Everything in this email is suspect.
 
1
•••
They need a better 2 step auth.
I log into GD probably 20 times a day since the system logs me out after about 15 minutes of inactivity.

Just download the app and select "remember me".
 
2
•••
I've seen the code of their website and I think that if they don't have your password you are fine.
If your email provider has a phishing report please use it.
 
1
•••
I've seen the code of their website and I think that if they don't have your password you are fine.
If your email provider has a phishing report please use it.

I went ahead and changed my passwords for my email and godaddy just to be safe. Thanks for the heads up!
 
1
•••
At Godaddy, US customers can also activate the Two Step auth factor (sms login verification).
 
1
•••
Remember, all the godaddy emails will have a direct user name + surname of the respective customer opening email!
Correct:
Dear Name Surname

Scam:
Dear user,
Dear customer,
Dear godaddy customer,
etc
 
1
•••
Thanks for the info :) I wasn't aware that GoDaddy does this now.

If they don't ask you to login, and you haven't verified your email this year, then it's correct. Just make sure the website is really Godaddy.com

You only have to verify your email address once.

This just started in 2014 :(
http://support.godaddy.com/help/article/8948/verifying-contact-information-for-icann-validation

We teach people that it isn't safe to click on email links and now they make this mandatory or the domain will be suspended?


I regged 2 last night (as mentioned earlier). They are active and in my account. I can access them. And a confirmation email never came with either, other than the standard 'Here is your order' one. GoDaddy's always been strange.

*

I regged one new domain last night and one today.

I did NOT receive the verification email for either one.

I'm wondering if GD decided to scrap that verification plan for now.

The one I regged last night is fully operational now.

If you have gmail, there is a way to check the original path (to and from) for your emails. There is a drop-down menu next to the sender address. Click on "Show Original," which will open a new window. It looks like a bunch of code (which it is, LOL), but you can suss out the to and from fields.

*
 
1
•••
I regged one new domain last night and one today.

I did NOT receive the verification email for either one.

It took about 48 hours before I received mine. However, the emails might still be in a testing phase where only a portion of Go Daddy customers receive them for the time being.

If you have gmail, there is a way to check the original path (to and from) for your emails. There is a drop-down menu next to the sender address. Click on "Show Original," which will open a new window. It looks like a bunch of code (which it is, LOL), but you can suss out the to and from fields.

Warning: The "From:" field in those headers can be set by anyone to anything they want, even [email protected]. Never trust an e-mail just because of whom it appears to be from.
 
1
•••
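The header and link checks suggested in the posts above ("Show Original", not trusting "From:", seeing where links really point), as an added example that is not part of the thread. The sample message, its addresses and the `TRUSTED` value are constructed assumptions; only the look-alike domain and the subject line come from the posts.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not a real capture): the From: header claims
# GoDaddy, but the only link points at the look-alike domain from this thread.
RAW = """\
From: GoDaddy <support@godaddy.com>
To: customer@example.org
Subject: ACTION REQUIRED - Reminder to verify the accuracy of Whois data
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=bounce.example.net; dkim=none
Content-Type: text/html; charset=utf-8

<html><body><p>Dear customer,</p>
<a href="http://godaddyauthentication.com/login">Verify at GoDaddy.com</a>
</body></html>
"""

TRUSTED = "godaddy.com"  # assumption: the only domain links are expected to use

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag, ignoring the visible link text."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def host_is_trusted(host, trusted=TRUSTED):
    # Exact match or a true subdomain; "godaddyauthentication.com" is neither.
    host = (host or "").lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)

def review(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    parser = LinkCollector()
    parser.feed(body.get_content() if body else "")
    hosts = [urlsplit(h).hostname for h in parser.hrefs]
    auth = str(msg.get("Authentication-Results", "")).lower()
    return {
        "from_header": str(msg["From"]),  # shown for display, never evidence
        "spf_pass": "spf=pass" in auth,
        "dkim_pass": "dkim=pass" in auth,
        "untrusted_links": [h for h in hosts if not host_is_trusted(h)],
    }
```

An Authentication-Results header only means something when it was added by your own receiving mail server, and a pass only confirms the sending domain, so the link-host check still has to succeed on its own.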
I got this today. I actually clicked through to the website and then the gmail link. I did NOT continue and enter my username and password. Hoping I'll be alright!
 
0
•••
Have changed the Title and Stickied it for some days so all members can take a note of this and less damage is done.

Thanks :)
 
0
•••
This morning I reported this to all related companies but being a weekend...
 
0
•••
I got this as well. I was surprised that Google (I use Gmail) didn't mark it as SPAM/Phishing.
 
0
•••
There is mass confusion surrounding this, because GoDaddy (per new ICANN policies) is also sending out legitimate one-time verification emails upon the registration of a new domain.

http://domaingang.com/domain-news/domain-registrations-godaddy-now-confirms-your-email/

The one I got had a green header. Because the wording was a little different from previous GD emails, I was suspicious, so I called GoDaddy and spoke to two reps before clicking it.

This is very confusing, though, so I'm not sure how people are going to know if what they got was legitimate or not (other than checking the IP and mousing over the links in the emails (without clicking) to see where they point to).
 
0
•••
*

I have posted a note on Go Daddy's Facebook page and sent a note to my rep about this.

Not good!

*
 
0
•••
Just for security concern, should we change our godaddy password? The most concerning is the info and the payment details stored.
 
0
•••
Those ... sent another email, asking people to deactivate Gmail's two step authentication! The nerve!

Second Alert : ERROR - Turn off 2-step verification

Error : 2-Step verification

Solution : Turn off 2-step verification

https://support.google.com/accounts/answer/1064203?hl=en
 
0
•••
Thank you very much for posting this thread. I will definitely pay more attention from now.
I also posted it on their FB Page and I tweeted it.
 
0
•••
gmd: Did you enter your password on their page? If not they cannot get it.

photonmymind: Godaddy is aware of this. It's Namebay that needs to shut down the domain.
 
0
•••
At Godaddy, US customers can also activate the Two Step auth factor (sms login verification).

They need a better 2 step auth.
I log into GD probably 20 times a day since the system logs me out after about 15 minutes of inactivity. It would literally drive me crazy to have to wait for a text and enter a new code every single time I want to log in.

And if I am watching and bidding on an auction and have to wait for a code, I could miss some auctions in the last few seconds.

If the code was good for like 4hrs at a time then it would be good to use.
 
0
•••
Even for them it's better to use the "remember me" option, and save the confirmation info on a cookie at our computer, than sending a new text message every time we login.
 
0
•••