SiliconAngle.com reports that two kinds of phishing scams are targeting GoDaddy customers: one notifies the customer that their domain name has been sold, and the other simply says that their inbox is full.
What is Phishing?
‘Phishing’ is a kind of cyber crime. The word sounds like ‘fishing’, and the intention is similar: to catch a victim using bait. Phishing involves impersonating a company and sending an email or online message to a customer in an attempt to steal sensitive information such as passwords, credit card details, login details, bank information and so on. The emails are designed with the original logos and a color scheme similar to the genuine emails of the respective company, in a bid to make the customer visit a fake website and enter confidential details such as login/password, credit card numbers, etc.
GoDaddy phishing, as SiliconAngle reports:
We were made aware this morning by a few customers that they are getting emails claiming to be from GoDaddy that are saying that their valuable domains sold and that they should unlock them and move them to the buyer within 5 days. These emails are FAKE please be extra careful as they appear to come from firstname.lastname@example.org but are actually not and they also look like our email templates but the wording is inconsistent with what we would send.
We never ask you to move domains to a buyer within 5 days. I will include the full body of the email below and the subject line so you can be aware and on the lookout. Always feel free to check your “sold” section in your auctions account to confirm a sale and also to reach out to our support if you have any concerns. It is always best to be safe by double checking and we are happy to help.
If you own a domain name, you are already a victim of many kinds of phishing scams:
a) Recently, emails have been arriving in the name of ‘Domain Services’ asking you to renew your registered domain name at 10X the cost. They take the domain owner to a fake website that asks for payment details for the renewal.
b) Before the new gTLDs were launched, emails arrived claiming that someone was registering your company name under different extensions, but that the sender had put the registration on hold and was giving you the first opportunity to register in those extensions.
IMPORTANT NOTICE Domain SEO Service Registration Corp.
EXPIRATION OFFER NOTICE
DOMAIN: shopping******.org
Notification Purchase Offer
EXPIRATION OFFER DATE: 09/07/2016
To: R M, NA Address
State, PIN, IN
Domain Name: shopping******.org
Registration SEO Period: 09/21/2016 to 09/21/2017
Price: $64.00
Term: 1 Year
Domain Name: shoppingcentre.org
Attn: R Makhija
This important expiration notification offer notifies you about the expiration offer notice of your domain registration for shopping*******.org search engine optimization submission. The information in this expiration notification offer may contain confidential and/or legally privileged information from the notification processing department of the Domain SEO Service Registration to purchase our search engine traffic generator. We do not register or renew domain names. We are selling traffic generator software tools. This information is intended only for the use of the individual(s) named above.
If you fail to complete your domain name registration shopping******.org search engine optimization service by the expiration date, may result in the cancellation of this search engine optimization domain name notification offer notice.
PLEASE CLICK ON SECURE ONLINE PAYMENT
TO COMPLETE YOUR PAYMENT.
Failure to complete your seo domain name registration shopping******.org search engine optimization service process may make it difficult for customers to find you on the web.
CLICK UNDERNEATH FOR IMMEDIATE PAYMENT
PROCESS PAYMENT FOR
SECURE ONLINE PAYMENT
ACT IMMEDIATELY
This domain seo registration for shopping******.org search engine service optimization notification offer will expire 09/07/2016.
Instructions and Unsubscribe Instructions:
You have received this message because you elected to receive special notification offers. If you no longer wish to receive our notifications, please unsubscribe here or mail us a written request to Domain SEO Service Registration Corp., Miami Beach, FL 33139. If you have multiple accounts with us, you must opt out for each one individually in order to stop receiving notifications notices. We are a search engine optimization company. We do not directly register or renew domain names. We are selling traffic generator software tools. This message is CAN-SPAM compliant. THIS IS NOT A BILL. THIS IS A NOTIFICATION OFFER. YOU ARE UNDER NO OBLIGATION TO PAY THE AMOUNT STATED UNLESS YOU ACCEPT THIS NOTIFICATION OFFER. This message, which contains promotional material strictly along the guidelines of the CAN-SPAM act of 2003. We have clearly mentioned the source mail-id of this email, also clearly mentioned our subject lines and they are in no way misleading. Please do not reply to this email, as we are not able to respond to messages sent to this address.
Otherwise, the most common phishing emails are sent in the name of banks, insurance companies, e-commerce portals and so on. As per Wikipedia, the most notable phishing scams have been:
- 2011/03 RSA Security : Internal RSA staff phished successfully, leading to the master keys for all RSA SecurID security tokens being stolen, then subsequently used to break into US defense suppliers.
- 2013/11 Target (stores) : 110 million customer and credit card records stolen, through a phished subcontractor account. CEO and IT security staff subsequently fired.
- 2014/09 Home Depot : Personal and credit card data of 100+ million shoppers of all 2200 Home Depot stores posted for sale on hacking web sites.
- 2014/11 ICANN : Notably, administrative access to the Centralized Zone Data System was gained, allowing the attacker to get zone files, and data about users in the system, such as their real names, contact information, and salted hashes of their passwords. Access was also gained to ICANN’s public Governmental Advisory Committee wiki, blog, and whois information portal.
How to stay safe from phishing:
- Always check the sender's email address and, if possible, scan through the email headers.
- Don’t be scared by baseless notifications that your account will be disabled and the like; it is better to contact the organization concerned over the phone.
- Look carefully at the URL / website that a phishing email opens. Better still, always visit the bank's website directly instead of clicking on the link. In case of doubt, check the WHOIS information for the domain linked in the email.
- Remember, reputable organizations do not ask for confidential information to be emailed or entered on third-party websites.
- Install proper spam filters on the email server and avoid clicking on links or downloading attachments from unknown senders.
- Have a proper antivirus installed on your PC and review the security of the computer at regular intervals.
- Report it! It can be reported to the bank or other organization concerned, and also to the email service provider and the domain registrar / hosting company for necessary action.
- You can also try the identity theft protection products available in the market, though it is better to familiarize yourself with email technology to safeguard against such risks.
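The sender, header and link checks from the tips above can be automated on a saved message. The following is an added example, not part of the original article; the sample email, its placeholder domains and the function names `domain_of` and `audit` are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not a real email); every domain is a placeholder.
SAMPLE = """\
Return-Path: <bounce@mailer.invalid>
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=mailer.invalid; dkim=none; dmarc=fail header.from=registrar.example
From: "Registrar Auctions" <auctions@registrar.example>
Reply-To: seller@freemail.invalid
Subject: Your domain sold - transfer within 5 days
Content-Type: text/html; charset="utf-8"

<html><body><a href="http://account-check.invalid/unlock">https://registrar.example/account</a></body></html>
"""

def domain_of(addr):
    """Return the lower-cased domain of an address header value ('' if absent)."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def audit(raw):
    """Return a list of warnings about sender, authentication and link mismatches."""
    msg = message_from_string(raw, policy=policy.default)
    warnings = []
    from_dom = domain_of(msg["From"])
    for header in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[header])
        if dom and dom != from_dom:
            warnings.append(f"{header} domain {dom} differs from From domain {from_dom}")
    # Authentication-Results is stamped by the receiving server; trust only your own.
    auth = str(msg["Authentication-Results"] or "")
    for check in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{check}=(\w+)", auth)
        if not m or m.group(1) != "pass":
            warnings.append(f"{check} result: {m.group(1) if m else 'missing'}")
    # Compare where each link really goes with the URL shown as its text.
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    for href, text in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', body, re.S | re.I):
        real = urlparse(href).hostname
        shown = urlparse(text.strip()).hostname
        if shown and real != shown:
            warnings.append(f"link shows {shown} but opens {real}")
    return warnings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

A message that passes all of these checks is not proven genuine; the checks only surface the mismatches that the tips tell a reader to look for by hand.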
Follow some tips from Kaspersky.com as well and stay safe!