Scammer pretending to be from GoDaddy. Be carefull!

[vlad74]

Got a " Godadd" email (see below) today, asking to verify data for one of my domains. I was suspicious about the address where you need to go: "com-services.name". If you follow the link, you are asked for a login and a password for your Godaddy account.

I checked whois at icann (http://whois.icann.org/en/lookup?name=com-services.name), it looks suspicious - domain was created just today.

For me looks like a scam. What do you think?

Domain Name ID: 13732504_DOMAIN_NAME-VRSN
Domain Name: COM-SERVICES.NAME
Sponsoring Registrar: 1 API GmbH
Sponsoring Registrar IANA ID: 1387
Domain Status: ok http://www.icann.org/epp#OK
Registrant ID: 12167447_CONTACT_NAME-VRSN
Admin ID: 12167447_CONTACT_NAME-VRSN
Tech ID: 12167447_CONTACT_NAME-VRSN
Billing ID: 12167447_CONTACT_NAME-VRSN
Name Server: F1G1NS1.DNSPOD.NET
Name Server ID: 1887696_HOST_NAME-VRSN
Name Server: F1G1NS2.DNSPOD.NET
Name Server ID: 1887697_HOST_NAME-VRSN
Created On: 2015-09-26T04:24:57Z
Expires On: 2016-09-26T04:24:57Z
Updated On: 2015-09-26T04:25:50Z

Email received:

Action required: Please verify your email address

Dear GoDaddy Customer,

=============================================
IMMEDIATE VERIFICATION REQUIRED FOR name removed
=============================================

*ICANN, the Internet Corporation for Assigned Names and Numbers, requires that all domain registrars maintain correct and current WHOIS contact data for domain owners.

You have registered one or more domains from Godaddy Inc. and verification of the Registrant email address is required for these domain name(s) to remain active. Please click the link below to verify the email address. If you don't verify your email address, we’re required to temporarily put your website on hold until verification is complete.*
Please cut-and-paste the following URL into an open web browser to complete the verification process:

http://www.godaddy.com-services.name/domains/contact-validation/mailverify/VerificationCode=473E-RTFU-QSZl-Z2QL-EFEE38A5869

Please do not reply to this email. Emails sent to this address will not be answered.
Thanks for being a GoDaddy customer.
-------------------------------------------------------------------------------------
Copyright (C)1999-2015 GoDaddy Operating Company, LLC. 14455 N. Hayden Rd, Ste. 219, Scottsdale, AZ 85260. All rights reserved.

Email received from:

Delivered-To: emailremoved
Received: by 10.103.76.145 with SMTP id h17csp369695vsg;
Fri, 25 Sep 2015 22:28:08 -0700 (PDT)
X-Received: by 10.67.6.164 with SMTP id cv4mr12153758pad.59.1443245288226;
Fri, 25 Sep 2015 22:28:08 -0700 (PDT)
Return-Path: <[email protected]-services.name>
Received: from smtpbg299.qq.com (smtpbg299.qq.com. [184.105.67.99])
by mx.google.com with ESMTPS id pv8si10355269pbc.74.2015.09.25.22.28.05
for <emailremoved>
(version=TLSv1 cipher=RC4-SHA bits=128/128);
Fri, 25 Sep 2015 22:28:07 -0700 (PDT)
Received-SPF: neutral (google.com: 184.105.67.99 is neither permitted nor denied by best guess record for domain of [email protected]-services.name) client-ip=184.105.67.99;
Authentication-Results: mx.google.com;
spf=neutral (google.com: 184.105.67.99 is neither permitted nor denied by best guess record for domain of [email protected]-services.name) smtp.mailfrom=[email protected]-services.name
X-QQ-FEAT: T0YRUqawAy008R6P/yHY83bEyuSrXfunTdZC6AUFKGRHmCTjXmYA2LNGMwPb8
Ry+6wdZmVwxzvyz5w0MGqwSPBmyvs8YXeOEeOg79Btuh3Otkic85cX8ZEAinVpbjQyFusFg
/lLI6pcpuMyfCxUjIyfJ8Fcq9GMdnJ+egSxySGikV5IcN8cHo3AiyzaASlCUEQu4tdV0eEW
fiWHaG5Kk76kQwy6+bW3vmkKDl4rk3L3TNA6AoJcT0Q==
X-QQ-SSF: 0000000000000020000000000000000
X-HAS-ATTACH: no
X-QQ-BUSINESS-ORIGIN: 2
X-QQ-DNTY: 1
X-Originating-IP: 45.114.190.24
X-QQ-STYLE:
X-QQ-mid: webmail430t1443245278t458547
From: "=?gb18030?B?R29EYWRkeQ==?=" <[email protected]-services.name>
To: "=?gb18030?B?dmxhZGltaXJ6YXl0c2V2NzQ=?=" <emailremoved>
Subject: Action required: Please verify your email address
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_56062CDE_09677B20_76849B3C"
Content-Transfer-Encoding: 8Bit
Date: Sat, 26 Sep 2015 13:27:58 +0800
X-Priority: 3
Message-ID: <[email protected]>
X-QQ-MIME: TCMime 1.0 by Tencent
X-Mailer: QQMail 2.x
X-QQ-Mailer: QQMail 2.x
X-QQ-SENDSIZE: 520
X-QQ-FName: 181E342769FF47C99AF750F5975B664D
X-QQ-LocalIP: 127.0.0.1

Be carefull!

 

[DomainStation]

Similar to: https://www.namepros.com/threads/scam-alert-be-carefull.880544/

 

[vlad74]

Similar to: https://www.namepros.com/threads/scam-alert-be-carefull.880544/

Thanks. Looks similar. Now this scammer uses a new domain "COM-SERVICES.NAME" (in your quoted thread he used "com-service.name"

 

[vlad74]

I just sent the following email to 1 API GmbH:
---------------------------
Dear Sir or Madam,
I received today a fishing email, which contains a link to a domain, registered through your company. Email sender pretends to be from Godaddy.com but the link leads to the domain "COM-SERVICES.NAME"

Full link from the received email:
http://www.godaddy.com-services.name/domains/contact-validation/mailverify/VerificationCode=473E-RTFU-QSZl-Z2QL-EFEE38A5869


As you company is a registrar of this domain:

Domain Name: COM-SERVICES.NAME
Sponsoring Registrar: 1 API GmbH
I will appreciare your prompt actions. Could you please immediatly suspend the domain and provide me with the details who has registered and paid for that domain "COM-SERVICES.NAME".

I have already posted a warning on the forum namepros: https://www.namepros.com/threads/scammer-be-carefull.881782/

It looks like it was similar issue a week ago with similar scammer scheme with another similar sounding domain, see discussion
https://www.namepros.com/threads/scam-alert-be-carefull.880544/

Waiting for your prompt response.

PS
As per ICANN rules,
The 2013 Registrar Accreditation Agreement (RAA) requires ICANN-accredited registrars to provide abuse contact information and take steps to investigate reports of abuse. This includes:
...
Establishing and maintaining a dedicated abuse point of contact to receive reports of illegal activity and review such reports within 24 hours of submission. This includes a dedicated email address and telephone number that is monitored 24 hours a day, seven days a week;

As 1 API GmbH falls under 2013RAA, I therefore expect your feedback within the next 24 hours.

Best regards,
name, email, address, phone.
-------------------------------

I expect the registrar will provide feedback or suspend suspend the domain within 24 hours as per ICANN rules, as for registrars not complying with such rule you may fill a complain about them to ICANN https://forms.icann.org/en/resources/compliance/complaints/registrars/standards-complaint-form

 

[vdonline]

You should public the information of that scammer when you receive it.