legal Beware:

Status
Not open for further replies.

ImageAuthors

Level 8
Joined
Jul 11, 2011
Messages
1,259
Reaction score
147
Feedback: 69 / 0 / 0
Please bump this thread to the top in order to warn people.

BEWARE OF THIS PHISHING SCHEME:

Beware of emails ostensibly from "GoDaddy" with titles like this:

[h=1]ACTION REQUIRED - Reminder to verify the accuracy of Whois data[/h]
Despite the GoDaddy logo and graphics, this appears to be a phishing scam.

You will be directed to a GoDaddy clone website on a domain such as this one:

GoDaddyAuthentication.com

You are prompted to log in, and I'm guessing your password will be used later on to steal your domains.

GoDaddyAuthentication.com shows the following in Whois:

Domain Name: GODADDYAUTHENTICATION.COM
Registrar: NAMEBAY
Whois Server: whois.namebay.com
Referral URL: https://www.namebay.com
Name Server: NS1.ISPFR.NET
Name Server: NS2.ISPFR.NET
Status: ok
Updated Date: 04-jan-2014
Creation Date: 04-jan-2014
Expiration Date: 04-jan-2015


[h=2]godaddyauthentication.com registrar whois[/h]Updated 1 second ago
Domain Name : GODADDYAUTHENTICATION.COM
Created On : 2014-01-04
Expiration Date : 2015-01-04
Status : ACTIVE
Registrant Name : denis Alain
Registrant Street1 : 26 rue auguste blanche
Registrant City : puteaux
Registrant State/Province :
Registrant Postal Code : 92800
Registrant Country : FR
Admin Name : NUXIT
Admin Street1 : 400 avenue Roumanille
Admin City : Sophia Antipolis
Admin State/Province : FR
Admin Postal Code : 06903
Admin Country : FR
Admin Phone : +33.899563600
Admin Email :
70a8b9627434827f2a3e85c20a3fb0c08eff9e57.png
@nuxit.com
Tech Name : NUXIT
Tech Street1 : 400 avenue Roumanille
Tech City : Sophia Antipolis
Tech State/Province : FR
Tech Postal Code : 06903
Tech Country : FR
Tech Phone : +33.899563600
Tech Email :
70a8b9627434827f2a3e85c20a3fb0c08eff9e57.png
@nuxit.com
Billing Name : NUXIT
Billing Street1 : 400 avenue Roumanille
Billing City : Sophia Antipolis
Billing State/Province : FR
Billing Postal Code : 06903
Billing Country : FR
Billing Phone : +33.899563600
Billing Email :
70a8b9627434827f2a3e85c20a3fb0c08eff9e57.png
@nuxit.com
Name Server : NS1.ISPFR.NET
Name Server : NS2.ISPFR.NET
Registrar Name : Namebay
 

angel69

Level 7
Joined
Dec 20, 2007
Messages
989
Reaction score
118
Feedback: 36 / 0 / 0
I agree w/ImageAuthors, great warning since those scams by email involving YoDaddy look so authentic even to a trained eye that any of us could fall for them. There are so many that look so legitimate from so m any different sources that it's impossible to post every single one on domain forums, and if you fwd them to GD's fraud or security depts one doesn't even know that they even get looked at. Since they're the biggest one expects the most number of scams to target them, and so many domains end up being stolen from GD rather easily sometimes, in fact I'm trying to recall the last email that appeared to be fraud which targeted another registrar, I can't

I've heard of Sedo, SnapNames and Escrow.com having had these aimed at them but not often, or at least not many instances for each lately
 

ImageAuthors

Level 8
Joined
Jul 11, 2011
Messages
1,259
Reaction score
147
Feedback: 69 / 0 / 0
For the record, I was on the phone with a GoDaddy account rep earlier this morning. So they definitely are aware of the scam.

I don't know how many people have been targeted, but GoDaddy has so many customers that potentially thousands of people could have their passwords harvested without even being aware they've been hacked.
 

domain4profits

Level 4
Joined
Aug 28, 2008
Messages
217
Reaction score
5
Feedback: 1 / 0 / 0
Wow!! thank you! I just got an email from godaddy this morning and now I am ignoring all.

I can not even imagine loosing my domains.

Thanks again for the warning.
 

karpok

Level 2
Joined
Feb 23, 2013
Messages
29
Reaction score
0
Feedback: 0 / 0 / 0
I too received this email today. Checked into the link, got a doubt and deleted.
 

DNabc

Web Investor & Developer
Joined
Jan 25, 2004
Messages
334
Reaction score
7
Feedback: 14 / 0 / 0
I wasn't aware of this thread and created another after searching for a few keywords and founding nothing...

This morning I reported this to all related companies except Nuxit as it's the same whois info of the scammer.
 

Shane

Account Terminated
Joined
Jul 6, 2012
Messages
1,720
Reaction score
353
Feedback: 38 / 0 / 0
I also got this email. Almost entered my information until I realized I was no longer on the GoDaddy website.
 

Theo

Level 20
Joined
Feb 28, 2004
Messages
30,304
Reaction score
2,184
Feedback: 723 / 0 / 0
The legitimate email from GoDaddy does not require any login.
 

Biggie

DNForum Moderator
DNF Staff
Joined
Sep 4, 2002
Messages
14,653
Reaction score
1,968
Feedback: 166 / 0 / 0
every time these phishing emails are sent, soon after, you can expect to see a few stolen domains appear on the market.


they will always be priced at a steal.


and someone will always post sold

thinking they got a great deal

so beware...

cuz we've seen it happen year after year.

imo...
 

DanB

Level 4
Joined
Aug 10, 2008
Messages
206
Reaction score
2
Feedback: 22 / 0 / 0
There is also a legit email that goes like this: " Important Notice Regarding Your Domain Name(s)"

[FONT=arial, helvetica]Dear xxxx,

It's that time of year. Because you are the ADMINISTRATIVE CONTACT for the following domain names registered at GoDaddy as of xxxx, ICANN, the Internet Corporation for Assigned Names and Numbers (and/or the associated ccTLD authority), requires that we ask you to review your contact data and make any changes necessary.

[FONT=arial, helvetica] To review/update your contact information, click here.

If you find that your domain contact data is current and accurate, there's no need to take action. If, however, your domain contact information is inaccurate, you must correct it. (Under ICANN and ccTLD WHOIS rules and the terms of your registration agreement, PROVIDING FALSE CONTACT INFORMATION CAN BE GROUNDS FOR DOMAIN NAME CANCELLATION.) To review the ICANN policy, visit: https://www.icann.org/en/whois/wdrp-registrant-faq.htm[/FONT][/FONT]
 

angel69

Level 7
Joined
Dec 20, 2007
Messages
989
Reaction score
118
Feedback: 36 / 0 / 0
That's right, it is legit but it's a new thing from YoDaddy (thanks, acro, you're a lifesaver lol), I had never received one before (not with that exact wording) and it only happens when you handreg a name there, receive a push or transfer some name in, apparently. I would've thought it was a hoax and ignored it, no question, hovering over the links isn't nearly enough anymore, you will get the true godaddy.com domain many times in the real destination URL you're being sent to (bottom of the browser) when it's a scam, they get more and more hard to spot as fraud

Although it looked legit and it was sent to me simultaneously w/another email that I added a domain, I decided to log in and see if any functions were disabled, I still didn't click on the email link. And there is actually a text highlighted in orange in your CP/DDC that reads YOU MUST VERIFY YOUR EMAIL ADDRESS if you just added a domain to your acct

God knows which other legit emails I ignored thinking it was a domain thief and it actually was MoDaddy. But better safe and being prevented from doing some acct activity later than clicking w/o much thought. Remember, scammers are also reading these threads ! A smart scammer will also have a DNF acct (even Exclusive) so always watch what you say. Many times I choose not to warn people here about registrar deficiencies in security (when I should) exactly because you may be assisting thieves and scammers at the same time (posting security flaws/warnings in Exclusive or even some restricted Platinum forums is always preferable, at least those posts don't come up for everyone on the net to read with the right Google search)

There is, however, a legitimate GoDaddy email going out, that asks you to verify your email address - it's sent out as soon as you register a domain name with a particular email address, and only once.
 

Theo

Level 20
Joined
Feb 28, 2004
Messages
30,304
Reaction score
2,184
Feedback: 723 / 0 / 0
To reiterate: ICANN now wants registrars to verify the registrant's email upon registering new domains. Scammers are expected to take advantage of such confirmation emails, by spoofing the overall look and feel of emails sent out by major registrars, such as GoDaddy. As of now, the GoDaddy emails for verification require NO LOGGING IN - the phishing emails do.
 

airmax

Level 6
Joined
Dec 17, 2009
Messages
632
Reaction score
105
Feedback: 75 / 0 / 0
Those ... sent another email, asking people to deactivate Gmail's two step authentication! The nerve!

Second Alert : ERROR - Turn off 2-step verification

Error : 2-Step verification

Solution : Turn off 2-step verification

https://support.google.com/accounts/answer/1064203?hl=en


Which most likely means they have gained access to some accounts, and have encountered this error on some of the more valuable accounts.
 

DNabc

Web Investor & Developer
Joined
Jan 25, 2004
Messages
334
Reaction score
7
Feedback: 14 / 0 / 0
Thanks to that Google now has their IP. There needs to be consequences for this.
 

DNabc

Web Investor & Developer
Joined
Jan 25, 2004
Messages
334
Reaction score
7
Feedback: 14 / 0 / 0
I've just read people saying that they don't need to click on ANY Godaddy email because the domain is his property and no one can suspend it. What a surprise I'll have.
 

Midnight Silver

Level 2
Joined
Jan 19, 2008
Messages
27
Reaction score
3
Feedback: 0 / 0 / 0
#1 -- RED FLAGS -- Always Look at who sent you any E-Mail -- and "Google Search" it ( Nuxit.com Scams ) if things don't right for Scams & Fraud...
#2 Godaddy is not going to use some unknown fly by night Scam Artist like Nuxit.com to handle Personal id information for it's Godaddy Customers.
#3 For Security They will always use Godaddy.com -- Note: -- Some Better Scam artists will try to Modify the Godaddy.com with things not to noticeable to you like e.godaddy.com - igodaddy.com - emailfromgodaddy.com and Many more variations to make it look like a a legitimate Godaddy E-Mail and / or whatever company is being used for the scam.
 
Status
Not open for further replies.
Top Bottom