Godaddy WHOIS Verification Email - Beware of Phishing Scam

Normally, these emails are sent to many people by using email lists
It takes more time and knowledge to make custom emails per user, and it hasn't been done till now.
Just curious, check the email you received and see how is it.

 

This one has the generic dear customer as you said, but adding the correct name is just a matter of adding a new column to the csv before importing.
Next time they may be smarter...
The best way is to verify the url of the website when we are already there, because even an email link can be forged.

 

The real verification email from Go Daddy does NOT ask you to "LOG IN TO CONFIRM"

You simply click the link in the email and then close your browser. Never log in to a site from a link in an email.

Another way to verify that you're dealing with Go Daddy is to add "https://" in front of the URL instead of "http://" like this:

 

here is a general tip as well given we are talking about security. The email listed in your whois should not be the email belonging to your account admin. This wont prevent you from falling for a phishing scam but help with general hacking attempts.

 

*

I regged one new domain last night and one today.

I did NOT receive the verification email for either one.

I'm wondering if GD decided to scrap that verification plan for now.

The one I regged last night is fully operational now.

If you have gmail, there is a way to check the original path (to and from) for your emails. There is drop down menu next to the sender address. Click on "Show Original," which will open a new window. It looks like a bunch of code (which it is, LOL), but you can suss out the to and from fields.

*

 

Thanks for the info I wasn't aware that GoDaddy does this now.

I regged 2 last night (as mentioned earlier). They are active and in my account. I can access them. And a confirmation email never came with either, other than the standard 'Here is your order' one. GoDaddy's always been strange.

 

It took about 48 hours before I received mine. However, the emails might still be in a testing phase where only a portion of Go Daddy customers receive them for the time being.

Warning: The "From:" field in those headers can be set by anyone to anything they want, even [email protected]. Never trust an e-mail just because of whom it appears to be from.

 

FWIW, I did not see the button I was supposed to click in the legitimate godaddy emails until I changed my email program to show messages in html (instead of plain text).

 

I wrote this on another thread, but readers can benefit from it here too:

 

Have y'all read this? Change in ICANN policies.

 

i just got this
http://postimg.org/image/4egm27ik3/
http://postimg.org/image/5nnfd9swx/

I hope this is legit??
it didn't redirect me to any fake domain, it did not ask me to log in, no OpenID mentioned anywhere
and it wasn't from [email protected]
But just in case..

P.S: Funny , HOW IT ARRIVES RIGHT WHEN THE SCAM IS GOING ON!!

 

If you're aware that these phishing scams are out there and looking for a secure way to handle things, there's a method that sounds very safe. It was posted at DomainGang. Search for "GoDaddy phishing DomainGang" and you'll find a description of what to do.

I haven't tried it, but it looks like the most robust method to deal with email verifications at GoDaddy now that ICANN has mandated these changes.

 

Method referenced by ImageAuthors:

http://domaingang.com/domain-news/the-godaddy-email-confirmation-mess-do-it-in-the-domain-manager/

 

Beware! GodaddyAdministration.com

I just got an email asking me to click this link at godaddyadministration.com and confirm my email.

Anyone get this one yet?

I just checked the whois and the return link was just regged so BEWARE!

 

I've received it too, this morning! It is exactly the same! the log in to confirm button, the openID thing.
I've already received the legit Godaddy "Reminder: Please verify your email address" email on the 2nd of January. It had a red banner and an verify your email address( not Log in)

 

They're still at it; it appears to be the same person or maybe a couple buddies. I just received this email:

Subject line:

Email content:

Here is a pic of the email, where I have cleverly indicated the offending clues and cunningly placed a red X to show not to do it:



How you know it's fake:
- godaddy doesn't use UpenID in their verification email
- godaddy doesn't require you to log in to your account to verify. All you do is click a 'verify' button, without logging in, and it's finished.
- and of course the big one: the 'log in to confirm' button actually directs you to a fake log in page that is hosted by this website:
SecureAssistances (dawt) com

That domain name whois is:

This whois is almost identical, with a few details changed, to the whois Lennco posted for the domain godaddyadministration.com. The two registrant cities, though different in name, are close together in the north of France, so I suspect the scammer is falsifying several whois records for different domains. Both domains are regged at Namebay.com... interestingly, Namebay.com registrant is in Monaco, a small country surrounded by France (except on the water side of course)...

Hmm....

Just a note: to the members in this thread who contacted Godaddy and Namebay about this... did you get any response?


*Edit: actually their timing was perfect: I won a couple expiring domains at godaddy auctions a week ago and was expecting them to drop into my account today. So this verification email hoodwinked me for a moment, until I remembered about this phishing scam.

 

did their emails mention the domain names?


(anywhere: in the subject, email address, link, or body of email)

 

make sure to alert to host and the registrar

 

Nope.

---------- Post added at 02:10 PM ---------- Previous post was at 02:07 PM ----------

Thanks; that's why I asked others who had done so if they had any response. If they emailed and no one cared or responded, I won't bother. If they got a response and something was done, I will bother.

 

*

The real verification email does not contain the domain name(s), either.

*