NameSilo

Godaddy WHOIS Verification Email - Beware of Phishing Scam

Located in General Domain Discussion, started by ImageAuthors, Jan 4, 2014

Replies:
44
Views:
8,145

  1. -EM-

    -EM- Top Contributor VIP ★★★★★★★★★★

    Posts:
    3,831
    Likes Received:
    1,898
    Normally, these emails are sent to many people by using email lists
    It takes more time and knowledge to make custom emails per user, and it hasn't been done till now.
    Just curious, check the email you received and see how is it.
     
    The views expressed on this page by users and staff are their own, not those of NamePros.
  2. DNabc

    DNabc Established Member ★★★★★★★★★★

    Posts:
    678
    Likes Received:
    158
    This one has the generic dear customer as you said, but adding the correct name is just a matter of adding a new column to the csv before importing.
    Next time they may be smarter...
    The best way is to verify the url of the website when we are already there, because even an email link can be forged.
     
  3. Joseph Green

    Joseph Green Established Member ★★★★★★★★★★

    Posts:
    748
    Likes Received:
    1,051
    The real verification email from Go Daddy does NOT ask you to "LOG IN TO CONFIRM"

    You simply click the link in the email and then close your browser. Never log in to a site from a link in an email.

    Another way to verify that you're dealing with Go Daddy is to add "https://" in front of the URL instead of "http://" like this:

    [​IMG]
     

    Attached Files:

  4. AEProgram

    AEProgram Top Contributor VIP Blue Account

    Posts:
    1,790
    Likes Received:
    3,576
    here is a general tip as well given we are talking about security. The email listed in your whois should not be the email belonging to your account admin. This wont prevent you from falling for a phishing scam but help with general hacking attempts.
     
  5. Ms Domainer

    Ms Domainer Top Contributor VIP ★★★★★★★★★★

    Posts:
    4,949
    Likes Received:
    3,066
    *

    I regged one new domain last night and one today.

    I did NOT receive the verification email for either one.

    I'm wondering if GD decided to scrap that verification plan for now.

    The one I regged last night is fully operational now.

    If you have gmail, there is a way to check the original path (to and from) for your emails. There is drop down menu next to the sender address. Click on "Show Original," which will open a new window. It looks like a bunch of code (which it is, LOL), but you can suss out the to and from fields.

    *
     
  6. Archangel

    Archangel randypendleton.com VIP ★★★★★★★★★★

    Posts:
    10,527
    Likes Received:
    1,856
    Thanks for the info :) I wasn't aware that GoDaddy does this now.


    I regged 2 last night (as mentioned earlier). They are active and in my account. I can access them. And a confirmation email never came with either, other than the standard 'Here is your order' one. GoDaddy's always been strange.

     
  7. Joseph Green

    Joseph Green Established Member ★★★★★★★★★★

    Posts:
    748
    Likes Received:
    1,051
    It took about 48 hours before I received mine. However, the emails might still be in a testing phase where only a portion of Go Daddy customers receive them for the time being.

    Warning: The "From:" field in those headers can be set by anyone to anything they want, even [email protected]. Never trust an e-mail just because of whom it appears to be from.
     
    Last edited: Jan 5, 2014
  8. cdboard

    cdboard Top Contributor VIP ★★★★★★★★★★

    Posts:
    1,602
    Likes Received:
    568
    FWIW, I did not see the button I was supposed to click in the legitimate godaddy emails until I changed my email program to show messages in html (instead of plain text).
     
  9. Joseph Green

    Joseph Green Established Member ★★★★★★★★★★

    Posts:
    748
    Likes Received:
    1,051
    I wrote this on another thread, but readers can benefit from it here too:

     
  10. domainbartender

    domainbartender Your name server since 2008. VIP ★★★★★★★★★★

    Posts:
    3,928
    Likes Received:
    521
    Have y'all read this? Change in ICANN policies.
     
  11. joshny

    joshny Established Member

    Posts:
    750
    Likes Received:
    79
  12. ImageAuthors

    ImageAuthors Account Closed (Disallowed)

    Posts:
    1,056
    Likes Received:
    476
    If you're aware that these phishing scams are out there and looking for a secure way to handle things, there's a method that sounds very safe. It was posted at DomainGang. Search for "GoDaddy phishing DomainGang" and you'll find a description of what to do.

    I haven't tried it, but it looks like the most robust method to deal with email verifications at GoDaddy now that ICANN has mandated these changes.
     
  13. Joseph Green

    Joseph Green Established Member ★★★★★★★★★★

    Posts:
    748
    Likes Received:
    1,051
  14. lennco

    lennco Top Contributor VIP ★★★★★★★★★★

    Posts:
    7,810
    Likes Received:
    8,482
    Beware! GodaddyAdministration.com

    I just got an email asking me to click this link at godaddyadministration.com and confirm my email.
    Anyone get this one yet?

    I just checked the whois and the return link was just regged so BEWARE!

     
    Last edited: Jan 10, 2014
  15. evvo

    evvo Established Member

    Posts:
    463
    Likes Received:
    4
    I've received it too, this morning! It is exactly the same! the log in to confirm button, the openID thing.
    I've already received the legit Godaddy "Reminder: Please verify your email address" email on the 2nd of January. It had a red banner and an verify your email address( not Log in)
     
  16. Bannen

    Bannen Don't say Huh? too much; pretend you understand. VIP ★★★★★★★★★★

    Posts:
    3,627
    Likes Received:
    3,285
    They're still at it; it appears to be the same person or maybe a couple buddies. I just received this email:

    Subject line:
    Email content:
    Here is a pic of the email, where I have cleverly indicated the offending clues and cunningly placed a red X to show not to do it:

    [​IMG]

    How you know it's fake:
    - godaddy doesn't use UpenID in their verification email
    - godaddy doesn't require you to log in to your account to verify. All you do is click a 'verify' button, without logging in, and it's finished.
    - and of course the big one: the 'log in to confirm' button actually directs you to a fake log in page that is hosted by this website:
    SecureAssistances (dawt) com

    That domain name whois is:

    This whois is almost identical, with a few details changed, to the whois Lennco posted for the domain godaddyadministration.com. The two registrant cities, though different in name, are close together in the north of France, so I suspect the scammer is falsifying several whois records for different domains. Both domains are regged at Namebay.com... interestingly, Namebay.com registrant is in Monaco, a small country surrounded by France (except on the water side of course)...

    Hmm....

    Just a note: to the members in this thread who contacted Godaddy and Namebay about this... did you get any response?


    *Edit: actually their timing was perfect: I won a couple expiring domains at godaddy auctions a week ago and was expecting them to drop into my account today. So this verification email hoodwinked me for a moment, until I remembered about this phishing scam.
     

    Attached Files:

    Last edited: Mar 1, 2014
  17. cdboard

    cdboard Top Contributor VIP ★★★★★★★★★★

    Posts:
    1,602
    Likes Received:
    568

    did their emails mention the domain names?


    (anywhere: in the subject, email address, link, or body of email)
     
  18. AEProgram

    AEProgram Top Contributor VIP Blue Account

    Posts:
    1,790
    Likes Received:
    3,576
    make sure to alert to host and the registrar
     
  19. Bannen

    Bannen Don't say Huh? too much; pretend you understand. VIP ★★★★★★★★★★

    Posts:
    3,627
    Likes Received:
    3,285
    Nope.

    ---------- Post added at 02:10 PM ---------- Previous post was at 02:07 PM ----------

    Thanks; that's why I asked others who had done so if they had any response. If they emailed and no one cared or responded, I won't bother. If they got a response and something was done, I will bother.
     
  20. Ms Domainer

    Ms Domainer Top Contributor VIP ★★★★★★★★★★

    Posts:
    4,949
    Likes Received:
    3,066
    *

    The real verification email does not contain the domain name(s), either.

    *
     

Want to reply or ask your own question?

It only takes a minute to sign up – and it's free!
Topics / Tags:
NameWorth
  1. NamePros uses cookies and similar technologies. By using this site, you are agreeing to our privacy policy, terms, and use of cookies.
    Dismiss Notice
Loading...