This month, several new phishing emails have been targeting customers of the popular web hosting service and Internet domain registrar GoDaddy.
The attacks began on December 3 when a GoDaddy user spotted a phishing email that plays on the verification requirements of the Internet Corporation for Assigned Names and Numbers (ICANN) in an attempt to trick customers.
In a blog post, the user explains how the email urges recipients to verify their WHOIS contact information for their registered domain names lest they become inactive. The email then provides a link that claims to direct to a site where customers can complete the verification process.
Just a few days later, the same user spotted another phishing email that purports to be offering “.com” domain names at a special savings price.
A large coupon graphic is displayed prominently in the email. Additionally, as part of the alleged special offer, users are asked to click on a link that appears to be using a URL shortener.
The third and final phishing email was spotted just this week. This particular attack warns customers about a large number of directories being used on their sites, and it threatens them with deactivation unless they click on a link.
In actuality, the link leads to a secondary phishing page located at “httx://texlavka.ru/includes/data/ourrueatqz.htm,” where customers are asked to enter their login information.
The attack is excellently crafted insofar as it uses customers’ registered GoDaddy emails and names, and it is written using standard English syntax.
Phishing emails similar to this most recent attack were first spotted back in August of this year and appeared to redirect to phishing sites hosted in Russia.
GoDaddy recommends that its customers do not click on any links in an email. For an additional layer of protection, users should enable two-factor authentication on their accounts and should contact GoDaddy about any suspicious emails they come across.