Phising email

[kbm]

I received a fake godaddy email today wanted to share with the community.

it almost looked like a legitimate Godaddy email until you get into the headers. xxx is where my email address was.
As you can tell the sender is mihannet.com NOT Godaddy

From: [email protected]
Subject: Important ICANN Notice Regarding Your Domain Name(s)
Date: July 17, 2010 4:19:32 AM PDT
To: [email protected]
Return-Path: <[email protected]>
Envelope-To: [email protected]
Delivery-Date: Sun, 18 Jul 2010 13:56:45 -0500
Received: from sysvpn by afa.mihannet.com with local (Exim 4.67) (envelope-from <[email protected]>) id 1Oa5Qa-0004DT-RX for xxx@xxxx; Sat, 17 Jul 2010 07:19:32 -0400
X-Php-Script: dcc.goddadldy.com/index2.php for 85.9.88.101
Mime-Version: 1.0
Content-Type: text/html; charset=iso-8859-1
X-Originating-Ip: []
X-Originating-Email: [[email protected]]
X-Mailer: Anonymail
Message-Id: <[email protected]>
Sender: <[email protected]>

Body of the message reads:

Important ICANN Notice Regarding Your Domain Name(s)
****************************** ***********

Dear User,

it is that time of year again. ICANN(the Internet Corporation for Assigned Names and Numbers) annually requires that all accredited registrars (like GoDaddy.com) ask their domain administrators/registrants to review domain name contact data, and make any changes necessary to ensure accuracy. According to our records you are the ADMINISTRATIVE CONTACT for one or more domains registered at GoDaddy.com, Inc. as of May 1st, 2010.

To review/update your Account data, simply:
+ Login to https://dcc.godaddy.com/ default.aspx?isc=ICANN0908a& amp;ci=8987
+ You will be taken to a landing page and asked to enter your account information
Please take a look that your account and domain information is up to date.

If, however, your domain contact information is inaccurate, you must correct it. (Under ICANN rules and the terms of your registration agreement, providing false contact information can be grounds for domain name cancellation.) To review the ICANN policy, visit:http://www.icann.org/ whois/wdrp-registrant-faq.htm

Should you have any questions, please email us at [email protected] or call our customer support line at (480) 505-8877.

Thanks for your attention and thank you for being a GoDaddy.com, Inc. customer.

Sincerely,
GoDaddy.com, Inc. Domain Support


If you are the domain administrator of more than one GoDaddy.com domain account, you may receive this notice multiple times.
------------------------------ ------------------------------ ------------------------------ ---
Copyright (c) 2008 GoDaddy.com, Inc. All rights reserved.

 

[nielsencl]

There is a topic for this kind of thing here. You will help everyone by posting the entire message with headers in a thread over there.

Also, when people get messages like this, they should report it to the IP whois contact responsible for where the phishing site is hosted. You can also give them a phone call and let them know.

 

[kbm]

I will request to have it moved,

I did post the full header, the only thing I removed was my email address and the my server information.

 

[nielsencl]

Sorry. I know you posted the header, I was hoping you would post the body of the email message. If people search on something in that message it they may find the message and be warned.

 

[Sparhawke]

GoDaddy spams everyones email so much that I doubt they will even bother to look at this though.

 

[kbm]

Sorry. I know you posted the header, I was hoping you would post the body of the email message. If people search on something in that message it they may find the message and be warned.

Done! added the body of the message.

 

[kbm]

just received another one, someone is determined.

From: [email protected]
Subject: Important ICANN Notice Regarding Your Domain Name(s)
Date: July 24, 2010 10:58:26 AM PDT
To: [email protected]
Return-Path: <[email protected]>
Envelope-To: [email protected]
Delivery-Date: Sat, 24 Jul 2010 12:58:10 -0500
Received: from [67.23.233.46] (helo=server.cpanelhome.com) by xxx.xxxx.net with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <[email protected]>) id 1Ociz8-0007GR-9s for [email protected]; Sat, 24 Jul 2010 12:58:07 -0500
Received: from gobaddyc by server.cpanelhome.com with local (Exim 4.69) (envelope-from <[email protected]>) id 1OcizS-0002ZG-UW for [email protected]; Sat, 24 Jul 2010 21:58:27 +0400
Mime-Version: 1.0
Content-Type: text/html; charset=iso-8859-1
X-Originating-Ip: []
X-Originating-Email: [[email protected]]
X-Mailer: Anonymail
Message-Id: <[email protected]>
X-Antiabuse: This header was added to track abuse, please include it with any abuse report
X-Antiabuse: Primary Hostname - server.cpanelhome.com
X-Antiabuse: Original Domain - xxxx.com
X-Antiabuse: Originator/Caller UID/GID - [512 509] / [47 12]
X-Antiabuse: Sender Address Domain - server.cpanelhome.com

****************************** ***********
Important ICANN Notice Regarding Your Domain Name(s)
****************************** ***********

Dear User,

it is that time of year again. ICANN(the Internet Corporation for Assigned Names and Numbers) annually requires that all accredited registrars (like GoDaddy.com) ask their domain administrators/registrants to review domain name contact data, and make any changes necessary to ensure accuracy. According to our records you are the ADMINISTRATIVE CONTACT for one or more domains registered at GoDaddy.com, Inc. as of May 1st, 2010.

To review/update your Account data, simply:
+ Login to https://dcc.godaddy.com/ default.aspx?isc=ICANN0908a& amp;ci=8987
+ You will be taken to a landing page and asked to enter your account information
Please take a look that your account and domain information is up to date.

If, however, your domain contact information is inaccurate, you must correct it. (Under ICANN rules and the terms of your registration agreement, providing false contact information can be grounds for domain name cancellation.) To review the ICANN policy, visit:ICANN - Internet Corporation for Assigned Names and Numbers whois/wdrp-registrant-faq.htm

Should you have any questions, please email us at [email protected] or call our customer support line at (480) 505-8877.

Thanks for your attention and thank you for being a GoDaddy.com, Inc. customer.

Sincerely,
GoDaddy.com, Inc. Domain Support


If you are the domain administrator of more than one GoDaddy.com domain account, you may receive this notice multiple times.
------------------------------ ------------------------------ ------------------------------ ---
Copyright (c) 2008 GoDaddy.com, Inc. All rights reserved.

 

[Makis.TV]

Me too, its the second time receiving this same email.
First one was reported to Godaddy but I guess no action was taken from their side.

 

[stoppingfear]

Lol the email is filled with grammar issues which a legitimate business email would avoid.

 

[kbm]

update on the second email I posted here.

I actually send a complaint to the web hosting company and received a response.

We are about to suspend the client for abusing our terms of service on two strikes. Sorry that you had to receive this email. We hope you have a great day.

Best Regards,

cPanelHome Team

 

[nielsencl]

Great! As I said, reporting spam correctly does work.