I received an email from Go Daddy earlier today, which informed me that numerous failed login attempts have been detected on my account and that I need to verify my information to ensure account security. It sounded like Go Daddy really cares about my account security and that I should do as the email instructed. Except the email message is not from Go Daddy — it’s a phishing email.
Here’s the phishing email text:
Dear Customer,
This notification is generated automatically as a service to you.
Because of unusual number of invalid login attempts on you account, we had to believe that, their might be some security problem on you account. So we have decided to put an extra verification process to ensure your identity and your account security.
Please click on sign in to domain servers {link removed} to continue to the verification process and ensure your account security. It is all about your security. Thank you. and visit the customer service section.please contact us within 1 days.
If you need to address this matter, or in any way need further assistance or technical support, call us any time at (480) 505-8877 or email us at support@godaddy.com. We appreciate your business!
Sincerely,
GoDaddy.com DomainAlert team
How did I know that it was a phishing email? There were a few indicators:
- Grammatical errors in the email message (“on you account”, “their might be some security problem on you account”, etc.). These scammers really need to invest on hiring better copywriters or, at least, proofreaders.
- Link to the Go Daddy verification site resembles Go Daddy’s Web site (www.godaddy.com), but it’s not. If you receive a similar email, just hover your mouse pointer on the verification link and you’ll see that the URL is not www.godaddy.com.
The “verification page” will prompt you for your Go Daddy user name and password. Once you enter your user name and password on the page, the phisher or scammer will use it to log in to your account and transfer your domains to his account.
If you receive a similar email, delete it immediately. Do not even click the link as visiting the fake verification page will install a cookie on your computer — something that the phisher or scammer might use later on to gather information about you.
Here’s a screen shot of the phishing email, so you’ll have an idea of how deceiving and official-looking it may seem. Just be careful, use a hard-to-guess password, and change it periodically.