Beware of Whois Verification Phishing Emails | DomainInvesting.com
101 Domain

Beware of Whois Verification Phishing Emails

10

I received a non-personalized email from GoDaddy this morning, and as I read it on my iPhone, I had an idea for a blog post about the importance of personalizing emails to customers. As I was reviewing my other emails, I received a subsequent email from a blog reader advising me of a possibly phishing scheme targeting domain name owners.

According to a post on DNForum this morning from a user named Image Authors, there is an alleged phishing scheme targeting GoDaddy customers under the guise of a Whois verification requirement. I most likely received the same email since the information he shared about the underlying domain name looks to be the same. The subject of the email I received was “ACTION REQUIRED – Reminder to verify the accuracy of Whois data.”

When I receive emails from various websites and companies, I rarely (if ever) click the links, even if I know they are from the company. There’s too much risk with accidentally clicking a phishing email, and most issues that are addressed in various emails can easily be resolved by directly visiting the company’s website and navigating around that way.

If you do happen to click on a phishing email by mistake and give your account information, log in to your account to re-secure it ASAP. You should probably contact the company directly to do that in order to ensure any transactions (like domain transfers) are stopped immediately.

Check out the post on DNForum this morning, and beware of all emails that are supposedly from your domain registrar. It’s quite possible that a registrar email is legitimate, but why take the chance that it is a phishing email?

I will probably still write my article about email personalization later on today, but this article is probably much more important and timely.


About The Author: Elliot Silver is an Internet entrepreneur and publisher of DomainInvesting.com. Elliot is also the founder and President of Top Notch Domains, LLC, a company that has sold seven figures worth of domain names in the last five years. Please read the DomainInvesting.com Terms of Use page for additional information about the publisher, website comment policy, disclosures, and conflicts of interest.


Reach out to Elliot: Twitter | | Facebook | Email

Comments (10)

    Rahul Chaudhary

    It seems that the scammer is taking advantage of ICANN’s new rules that require domain registrants to verify the contact details.

    January 4th, 2014 at 8:57 am

    Francois

    It’s going to be a funky year!

    In one hand this new ICANN rule where if you do not verify your WHOIS account your domain should quickly be dropped. So registrars will feel obligated to multiply emails notices while domain owners should be more motivated to click verification links.

    In the other hand the multiplication of email phishing with the risk of stolen domains.

    January 4th, 2014 at 9:03 am

    Joseph Peterson

    Correct me if I’m wrong here about something.

    The principal danger with this phishing scam, it seems to me, is that ICANN recently changed the rules to require whois email verification soon after domain registration. Ineluctably, email verification requires clicking on some link in an email. So even those of us who hesitate to click on email links, will be obliged to do so from time to time as a result of domain registrations.

    Since this policy was only introduced in January 2014, even seasoned domainers will be unfamiliar with the process. So I’d expect a higher-than-usual percentage of people to “convert” for this phisherman and betray their GoDaddy passwords.

    This phishing scam is actually quite sophisticated. Apart from the graphics being a closely cloned version of GoDaddy’s, the landing page you’ll see at the spurious GoDaddyAuthentication.com actually IS personalized with your name. At least, it said “Welcome, Joseph” when I ventured there.

    According to Whois, the person behind this little operation just registered the domain I saw today. But they’d obviously planned their approach in advance and specifically designed it to exploit the new ICANN policy.

    In case anybody was wondering, GoDaddy has already been notified about the issue.

    January 4th, 2014 at 9:12 am

    Joseph Peterson

    This just occurred to me while I was discussing this issue with Shane Cultra.

    It might be a good idea to click on these phishing emails just to see which phony domains they’re using to mimic registrars or other sites. I’ve only identified one shady domain: GoDaddyAuthentication.com. But it’s quite possible that the same person will be using multiple such domains — possibly under various pseudonyms and at different registrars.

    So if GoDaddy responds, once notified, by contacting the other registrar and shutting down the offending domain, then that’s still no guarantee that the same person (or someone else) isn’t perpetrating the same phishing scam with some other domain at another registrar.

    Personally, I expect phishing scams connected with this new ICANN policy to keep popping up. Furthermore, I think email phishing will become a much bigger problem for the average consumer once phishers have access to more convincing domains based on the new GTLDs. As domainers, I think we’ll have to become more alert to phishing … because it’s going to be one very ugly way the general public becomes acquainted with the use of domains.

    So please keep track of which domains are being used for such impostures. And if you come across something not previously reported, report it to the company whose customers are may be defrauded.

    January 4th, 2014 at 9:55 am

    Elliot Silver

    I received a second email shortly after the first one, but Gmail marked it as spam.

    It looks close enough to a real GoDaddy email that I bet many people fall for it. Hopefully they will see the DNF post or other posts on Domaining.com before they click through.

    Kudos to Francois from Domaining.com for sending out an email bulletin alerting people this morning.

    January 4th, 2014 at 10:46 am

    Acro

    The legitimate email sent out by GoDaddy to verify your email address, as mandated by the new ICANN requirements, DOES NOT ASK YOU TO LOG IN.

    Obviously, this doesn’t mean that phishing emails that would employ another scheme won’t be generated.

    Keep in mind that if you verified that email address once, there won’t be another email from the same registrar. The first and only email, is sent out as soon as you registered that domain, in 2014 – not hours or days later.

    And yes, the confirmation is required by the registrar and ICANN, so you cannot ignore the legitimate email without risking to lose the domain.

    January 4th, 2014 at 2:03 pm

    Where are the lawyers?

    ANOTHER MATTER FOR A CLASS ACTION HERE (add it to the class action against search engines running general TLDs different from their own trademarks and all the others class actions…).

    Conceal your data IS A RIGHT! Everyone can undesrstand EASILY the future plans of a company if he only follow the new domains they register…

    No one can ask for email verification WITHOUT setting before a new procedure for transferring domains without having to remove the privacy. It is a right giving fake registant data knowing that if you need to transfer a domain, and 90% of cases you need to do at least one transfer, you will have to remove the privacy.

    Why all the lawyers in this industry do not promote any of those class actions?!?!?…..

    January 4th, 2014 at 3:32 pm

    Where are the lawyer?

    I don’t know, this is the reason I am calling the lawyers…

    Anyway I am pretty sure that you will not be wrong suing ICANN and, of course, the GGGGGGreat master of all the plans to control the entire economy of the world and every single human being…

    Who will have access to those deep database? Maybe tax agencies of all the countries worldwide? Maybe. Surely I have a little bit presentiment that even the Great puppeteer will have access to them…

    January 4th, 2014 at 3:59 pm

    Alex

    Both forums have good insights. There’s great tips on namepros too.
    https://www.namepros.com/domain-name-discussion/813482-godaddy-whois-verification-email-beware-phishing.html

    I’m hoping we can all figure out a good sol to this soon.

    January 7th, 2014 at 6:35 pm

Leave a Reply

Name *

Mail *

Website