DON'T CLICK on the email!!!!!!
If you got a verification from Godaddy this morning. DON'T CLICK!!
phishing scam
http://www.dnforum.com/f611/
29 thoughts on “BULLETIN: Godaddy.com Phishing Scam. Don’t Click Email!!”
Leave a Reply
Maintained by Rodan Media
Observer
Domain registrars should stop asking domain holders to click on the links in their emails. That’s a stupid practice.
petrogold
It is known that warning “Not to Click” will rather produce more clicks. Rick, may we know more about the Scam.Gratefully,
frank meester
Posted it on Facebook’s Domain Groups.
QuickSellers.com
I never click on any link from registrar. NEVER!
even if they are giving discounts… that’s what you need to watch out!
Sridhar
Any Solution as I already Clicked…
Pitbull
Thanks Rick… Very timely post, as I just got your email at the same time as the Godaddy email…
Pitbull
Try to report the domain to the registrar: Namebay > http://www.namebay.com/spam-report/spam-report.aspx
Hosting company: Nuxit : http://www.nuxit.com/support/
Jay
Shoot, good heads up – I never even thought about avoiding links from emails from my registrars. Thanks Rick! I put up my 2nd blog post yesterday talking about how to avoid domain name scams, I’ll have to add this one and I’ll make sure to give credit.
Rick Schwartz
Credit goes to Joseph Peterson who emailed me as I had just concluded it was a scam but he confirmed it.
CN
Well there is this Phishing email but now there is also a 2 Step Verification Email being sent out by Godaddy. Once you register a new domain, you have to verify the whois by clicking on the link sent out in the email by Godaddy. So one needs to carefully check whether its a general phishing email or a legitimate email when you register a new domain. Now registering a new domain will show as Pending Whois Verification till a point you verify either via email or I guess the other option is via telephone.
Ben
“Well there is this Phishing email but now there is also a 2 Step Verification Email being sent out by Godaddy. Once you register a new domain, you have to verify the whois by clicking on the link sent out in the email by Godaddy.”
Could GoDaddy confirm this? Is that right or is that phishing scam as well?
Louise
Even the phishers don’t want my domains!
Acro
GoDaddy started sending out legitimate verification emails, as required by new mandates by ICANN.
The process involves clicking on a link emailed *once* to the email address that has yet to be verified. NO LOGIN IS REQUIRED in this case, as the click confirms the email using a hashed string.
So the good news: the legitimate email from GoDaddy requires no login.
The bad news: the legitimate email from GoDaddy requires no login.
This paradox signifies that when user interaction is mandatory, the phishing attacks have an advantage.
Acro
If you clicked and no login was presented but ended up on the GoDaddy page confirming your confirmation, it was a legitimate email.
If you clicked and you were asked to log in, you are going to have to change your login info immediately, and/or contact support.
Louise
@ Acro, you don’t need to log in with the verification, because you are ALREADY logged in, having just registered a domain name. Can you confirm this? Register a domain; log out, THEN try clicking the link on the confirmation email.
My experience shows, since you are logged in to begin with, you don’t need to enter your username and psswd.
Acro
Louise, that’s not correct, so please take my statement above as fully accurate: The legitimate email does not require one to be logged in.
Rick Schwartz
I am not smart enough to figure out the genuine from the fake. So I think GoDaddy and whoever gets hit next, needs to add some clarity. I deleted the TWO I have gotten so far. I don’t intend on answering/clicking any of them. I think they need to figure out another way. Not going to happen.
sellmhi
On Jan. 1 2014, registrars were required to begin validating all new and updated contact data that is applied to domain names.
To read more about the required changes go to ICANN’s site:
http://www.icann.org/en/resources/registrars/raa/approved-with-specs-27jun13-en.htm#whois-accuracy
and
http://www.icann.org/en/news/announcements/announcement-31jul13-en.htm
BullS
First they hit you on top, then below , then at your back and now they want to steal your soul.
gosh…more BS on the internet
Robbie
Rick, godaddy forces you to click the link pretty much, otherwise the domain is unable to have it’s nameservers changed, nor can you move it or sell it etc…
I got this email on Friday, it looked legit, I called in, the guy in the tech call center, said they been dealing with calls all day. It looked like a phoney email, but everything checked back legit. It took the scammers 2 days to get a game plan, and try to trick most likely large domain holders. It is a new icann mandated procedure, really there has to be a better way. No just wait for the new gtld scams, with their .anything emails…
If anyone has any doubts of what they clicked, a simple fix, CHANGE YOUR PASSWORD!
Jagan
Hello Sridhar,
If u clicked & it took you to a page that looked like godaddy login page, you need to immediately change your godaddy.com password & turn on 2 step verification so that if someone tries to log into your account you will receive a phone call. You might also want to call godaddy & tell them to put a hold on your account for the next 30-60 days so that you can plan your next move. Best regards.
Louise
Okay, but I wanted to posit it. We’re having a discussion. When my bank emails me a ilnk to my account, I have to log in. When I sign up for gmail and receive a confirmation email, either I’m logged in, and the confirmation goes through, or I have to log in.
It doesn’t sound secure if you can just click a link without logging in.
Rick
This is what you should see when you click the verify link:
https://www.namepros.com/4592007-post12.html
NEIL@LegalWeed.TV
Rick,
Mr. Observer is perfectly right. God-Bless.org!
This is a malicious practice of ugly dictators registrars, you know better than us.
They are harassing us like we are soliciting the domain names, not paying for them a lot of money…
If you do not click, the nasty registrar is BLOCKING YOUR ACCOUNT.
That’s why Colorado legalized marijuana, for d-o-l-l-a-r.com, not for induced dizziness…The registrars did not get it…
Rick, if you allow me, Happy New Year 2014 to all Domainers!
Huge TargetedTraffic.com on your domains!
DiamondsHub.com and eGoldGold.com to be in your houses! Kind regards, Neil
Ramahn
Acro beat me to it and is 100% correct. For new regs, Godaddy will send an email requiring you to click a link to verify your email. No login is required tho. Its legit.
The rule of thumb is to NEVER give out your password.
Cyborg
A heads up to those who register with Godaddy…
The landing page of ‘godaddy.com’ does not redirect to https so you’ll risk exposing your credentials without encryption when you submit them.
Be sure that you are on SSL when you login by specifically going to https://www.godaddy.com
This is important for this type of phishing scam because they most likely do not have SSL encryption on the fake login…though they might. Pay attention.
MAGOOgle
If anyone is stupid enough to click on a link from “any email” without at least looking at the “link code”, and/or the “header of the email”, you deserve what you get. Your malware scanner and antivirus will never save you from yourself.
That being said, some of these company’s need to keep emails coming from company looking addresses. YouTube is very bad with that ( example: youtu.be is legit but does not look it and they have used it in emails).
Folks, this crap is “not new”. If you want to survive, you better act in your own best interest. Nobody will do it for you.
Ramahn
Correct Mag, and the email godaddy used in the verification link they sent me was ‘sales@godaddy.com’. The same email used for normal domain registration receipts.
Ahsun
Godaddy stole my credit card information. You Payment information is not safe with them. I have explained my whole nightmare here. Do not compromise your payment information with those crooks!!
http://godaddythieves.blogspot.com/