New GoDaddy phishing email and website using a domain registered at GoDaddy!

I received a scam email today that tries to trick domain name and website owners into going to some phishing website to supposedly agree to the new GoDaddy Universal Terms of Service Agreement.

Here is the email:

From: GoDaddy <ssl4194noreply@wrdsb.ca> Canada
To: ****************************
Subject: Universal Terms of Service Agreement have expired.
Universal Terms of Service Agreement

One or more items in our Universal Terms of Service Agreement have expired. Agree the updated Terms today to avoid any disruption of services.
Dear user, some elements of our Universal Terms of Service Agreement (ToS) have been modified for better service use. But don’t worry, you can still use your services after you read and agree the new ToS.

Continue

Copyright © 1999-2017 GoDaddy Operating Company, LLC. 14455 N. Hayden Rd, Ste. 219, Scottsdale, AZ 85260. All rights reserved.

The email seems to be coming from a .ca email address but in reality it is coming from bwucqncc@frontierproductions.jp.

The link in the email takes you to a GoDaddy phishing website that is using a .info domain name. This is the link: https://sso-godaddy-tos.fsa-centraldistrict.info/sign.in.html

The phishing website above is very similar to the real GoDaddy.com website.

I typed in some gibberish and of course they recorded the Username and Password information (and never really validated them) and then I got to the “GODADDY HOSTING AGREEMENT” at this link:

https://sso-godaddy-tos.fsa-centraldistrict.info/legal.php

Of course it is all fake and copied by the GoDaddy website. For example it says “Last Revised: October 1, 2017” at the top and “Revised: 9/12/15” at the bottom.

If you click on either “Skip” or “Agree” at the bottom of the terms you are redirected to the real GoDaddy website!

The fsa-centraldistrict.info domain name was registered in January 2016 at GoDaddy of all places! The domain name is of course using whois privacy.

Please be careful with this or other similar phishing emails and websites. Don’t click on any links on suspected emails and if you end up in one of these websites don’t enter any of your account details and leave the website immediately. Please visit https://www.GoDaddy.com instead.

(I have not linked to the phishing website directly. Visit at your own risk.)

UPDATE: While the domain name used has not been deleted it seems that the hosting account has been suspended. The website currently says:

“This Account has been suspended.
Contact your hosting provider for more information.”
Sold.Domains

About Konstantinos Zournas

Konstantinos studied Computer Engineering and Computer Science in London and lives in Athens, Greece. He works on domain names, websites and software development. Has been online since 1995 & domaining since 2002.

3 comments

  1. Can anyone stop so called eric edwards from trying to steal my godaddy domains

    ericedrward102@gmail.com

    ericedward401@gmail.com

  2. These phishing emails are extremely annoying. When the official Godaddy website emails me, I sometimes get nervous to even click their links because ya never know…lol.

    But thanks for going into so much detail in regards to this.

    -Omar

Leave a Reply

Your email address will not be published. Required fields are marked *