DAN.com - Manage & sell your domains like a pro

New GoDaddy phishing email and website using a domain registered at GoDaddy!

Konstantinos Zournas October 9, 2017 Domain Name News 3 Comments

I received a scam email today that tries to trick domain name and website owners into going to some phishing website to supposedly agree to the new GoDaddy Universal Terms of Service Agreement.

Here is the email:

From: GoDaddy <ssl4194noreply@wrdsb.ca> Canada
To: ****************************
Subject: Universal Terms of Service Agreement have expired.
Universal Terms of Service Agreement

One or more items in our Universal Terms of Service Agreement have expired. Agree the updated Terms today to avoid any disruption of services.
Dear user, some elements of our Universal Terms of Service Agreement (ToS) have been modified for better service use. But don’t worry, you can still use your services after you read and agree the new ToS.

Continue

Copyright © 1999-2017 GoDaddy Operating Company, LLC. 14455 N. Hayden Rd, Ste. 219, Scottsdale, AZ 85260. All rights reserved.

The email seems to be coming from a .ca email address but in reality it is coming from bwucqncc@frontierproductions.jp.

The link in the email takes you to a GoDaddy phishing website that is using a .info domain name. This is the link: https://sso-godaddy-tos.fsa-centraldistrict.info/sign.in.html

The phishing website above is very similar to the real GoDaddy.com website.

I typed in some gibberish and of course they recorded the Username and Password information (and never really validated them) and then I got to the “GODADDY HOSTING AGREEMENT” at this link:

https://sso-godaddy-tos.fsa-centraldistrict.info/legal.php

Of course it is all fake and copied by the GoDaddy website. For example it says “Last Revised: October 1, 2017” at the top and “Revised: 9/12/15” at the bottom.

If you click on either “Skip” or “Agree” at the bottom of the terms you are redirected to the real GoDaddy website!

The fsa-centraldistrict.info domain name was registered in January 2016 at GoDaddy of all places! The domain name is of course using whois privacy.

Please be careful with this or other similar phishing emails and websites. Don’t click on any links on suspected emails and if you end up in one of these websites don’t enter any of your account details and leave the website immediately. Please visit https://www.GoDaddy.com instead.

(I have not linked to the phishing website directly. Visit at your own risk.)

UPDATE: While the domain name used has not been deleted it seems that the hosting account has been suspended. The website currently says:

“This Account has been suspended.
Contact your hosting provider for more information.”
Related Articles:
  1. GoDaddy Warns About Phishing Email Targeting Valuable Domain Names
  2. New gTLDs Don’t Have A Major Impact On Phishing Yet – 85% Of Phishing Domain Names Were Registered In China
  3. New Go Daddy Phishing Attack
Sold.Domains

About Konstantinos Zournas

I studied Computer Engineering and Computer Science in London, UK and I am now living in Athens, Greece. I went online in 1995, started coding in 1996 and began buying domain names and creating websites in 2000. I started the OnlineDomain.com blog in 2012.

3 comments

  1. Trent
    October 9, 2017 at 7:39 pm

    Can anyone stop so called eric edwards from trying to steal my godaddy domains

    ericedrward102@gmail.com

    ericedward401@gmail.com

    Reply
  2. Omar
    October 10, 2017 at 5:32 pm

    These phishing emails are extremely annoying. When the official Godaddy website emails me, I sometimes get nervous to even click their links because ya never know…lol.

    But thanks for going into so much detail in regards to this.

    -Omar

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Domaining blog recommended by Domaining.com OnlineDomain.com - © Copyright 2012-2024 - All Rights Reserved