I received a scam email today that tries to trick domain name and website owners into going to some phishing website to supposedly agree to the new GoDaddy Universal Terms of Service Agreement.
Here is the email:
|Subject:||Universal Terms of Service Agreement have expired.|
|Universal Terms of Service Agreement
One or more items in our Universal Terms of Service Agreement have expired. Agree the updated Terms today to avoid any disruption of services.
Copyright © 1999-2017 GoDaddy Operating Company, LLC. 14455 N. Hayden Rd, Ste. 219, Scottsdale, AZ 85260. All rights reserved.
The email seems to be coming from a .ca email address but in reality it is coming from email@example.com.
The link in the email takes you to a GoDaddy phishing website that is using a .info domain name. This is the link: https://sso-godaddy-tos.fsa-centraldistrict.info/sign.in.html
The phishing website above is very similar to the real GoDaddy.com website.
I typed in some gibberish and of course they recorded the Username and Password information (and never really validated them) and then I got to the “GODADDY HOSTING AGREEMENT” at this link:
Of course it is all fake and copied by the GoDaddy website. For example it says “Last Revised: October 1, 2017” at the top and “Revised: 9/12/15” at the bottom.
If you click on either “Skip” or “Agree” at the bottom of the terms you are redirected to the real GoDaddy website!
The fsa-centraldistrict.info domain name was registered in January 2016 at GoDaddy of all places! The domain name is of course using whois privacy.
Please be careful with this or other similar phishing emails and websites. Don’t click on any links on suspected emails and if you end up in one of these websites don’t enter any of your account details and leave the website immediately. Please visit https://www.GoDaddy.com instead.
(I have not linked to the phishing website directly. Visit at your own risk.)
UPDATE: While the domain name used has not been deleted it seems that the hosting account has been suspended. The website currently says:
Can anyone stop so called eric edwards from trying to steal my godaddy domains
Tyr This… firstname.lastname@example.org
These phishing emails are extremely annoying. When the official Godaddy website emails me, I sometimes get nervous to even click their links because ya never know…lol.
But thanks for going into so much detail in regards to this.