A few people posted online of an email supposedly from Go Daddy asking its users to complete some form. If you’re one of those who got it…
…PLEASE DON’T DO WHAT IT ASKS YOU TO DO JUST YET.
Here’s a copy of the email:
Dear GoDaddy Customer,
GoDaddy Customer Support Team requests you to complete GoDaddy Customer Online Form.
This procedure is obligatory for all customers of GoDaddy.
Please click hyperlink below to access GoDaddy Customer Online Form.
http://myaccount.session-xxxxxxxx.godaddy.com/AccountConfirmation/account.aspx
Please do not respond to this email.
This mail generated by an automated service.
Copyright © 1999 - 2007 GoDaddy.com, Inc. All rights reserved.
If you got the same kind of email above, please be warned that it might be a phishing one. For the “average user” who might be wondering what’s phishing:
http://en.wikipedia.org/wiki/Phishing
In computing, phishing is a criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication.
Phishers send emails pretending to be from a reputable company asking you to visit a web address and enter certain sensitive information (e.g. credit card details). In reality, that web address is used to capture those details for them to use to order certain stuff without your consent.
A few have already informed Go Daddy about it. As of this post (which I’ll update as soon as I’m able to confirm or so), there hasn’t been official word yet from Go Daddy whether the email above is indeed fraudulent or authentic.
One user I know mentioned one reason he believes it’s false is because Go Daddy consistently emails its customers addressing them by their names. From my very last email communication from them, it does so.
I honestly haven’t clicked the link yet, but I’m sure you understand I’m reluctant to do so. On the side, I wish I remember (and bookmark) that web address where it supposedly checks if the link is authentic or fake.
For now, expect the worst and be careful. Please forward this as many people you know.
Edit: I found one user who checked the link out. It brought him to some site whose parent domain name is a .hk.
Popularity: 45% [?]
Why not just copy and paste the link into your browser, if godaddy returns an error (not found, etc) then you know its fake, if it works then its probably real - even though I never go one.
Would be a slight chance if someone hacked into godaddys servers to put up a page on an x.godaddy.com subdomain.
Hi Camron,
The xxxxx from the link above is actually a number. I once did something like that in my “newbie” years and got my computer infected.
It doesn’t always happen, of course. But with so much junk out there on the ‘Net, you really never know.
I just edited my post above since I found someone who finally clicked on the link. Get this: it brought him to some other site bearing a .hk domain name.
Hi, all!
I received this eMail also. I immediately smelled something Pfishy. A quick check of the message raw source showed some truly odd routing, and that the link does NOT go to an official GoDaddy page. I reported it to abuse@godaddy.com.
Folks, we need to be aware. Although this particular example was rather amateurish, some of the Pfishers are getting really sophisticated. When in doubt, delete first and ask questions later.
Best to all,
Mitch Selleck
http://www.emailsoap.com
GoDaddy does indeed use its customers’ names in every email. But the dead giveaway is this sentence: “This procedure is obligatory for all customers of GoDaddy.”
If that were true, I’d have received the same message. (I didn’t.) Also note that no reason is given for collecting such information — not even the usual “verification” excuse.
Wish there were some kind of reply-whammy we could send back to such criminals . . .
Dave,
There is no doubt the email is a fraud. shame on Godaddy for not warning their client base about this.
At the end of the email was a bunch of “invisible” code. It used the same font color as the page so you could not see the code.
Is it possible this code is activated when you click on the link in the email?
I’ve darkened the code so you can see it and it appears at the end of my comment. If anyone knows what this code is or does, please share.
Patrick
The Invisible Code:
=
0×88, 0×05616013, 0×429, 0×074, 0×2569 OZTN, cvs, IR3. 0×89012922 0×038, 0×629, 0×43128186, 0×7887, 0×5, 0×66728643 9VJ: 0×79468866, 0×48, 0×94265661, 0×49467091, 0×43, 0×6, 0×15, 0×44972197, 0×181, 0×51, 0×9846, 0×841, 0×36 0×7, 0×8115, 0×09, 0×61, 0×125, 0×11042443, 0×9, 0×0892, 0×55, 0×0231, 0×559, 0×4280, 0×6 api: 0×58067310, 0×227, 0×11, 0×7177, 0×83756260, 0×809, 0×348, 0×3226, 0×4, 0×7, 0×260 0×8896, 0×64, 0×05710517, 0×696, 0×8, 0×7391, 0×1120, 0×65450522, 0×28, 0×98744297 0×6826, 0×63, 0×3, 0×8, 0×0711, 0×88, 0×234, 0×6, 0×64920055, 0×3, 0×09, 0×522, 0×3, 0×28828313
YW4L: 0×9, 0×6243, 0×26361212, 0×4, 0×223, 0×4808, 0×8953 F2LZ: 0×6, 0×653, 0×5496, 0×09549471, 0×5, 0×05078192, 0×8976 0×4, 0×5687, 0×43428446, 0×512, 0×222, 0×690, 0×53, 0×29871485, 0×1, 0×4493, 0×7243 VEO4 69EC source update interface. start: 0×7203, 0×1829, 0×538, 0×56, 0×53, 0×26, 0×48735352, 0×742, 0×3, 0×7, 0×71632702, 0×19, 0×22643814, 0×5084 0×1, 0×9304, 0×15213262, 0×9335, 0×34 PJA cvs revision WFFD interface R3D exe 9GZO engine. 5P8K: 0×554, 0×25534661, 0×5932, 0×208, 0×86155241, 0×420, 0×39724043, 0×62040995, 0×84794706, 0×98618654, 0×8387 0×44549995, 0×0, 0×4463, 0×9, 0×9621, 0×37, 0×6, 0×8890, 0×1035, 0×301, 0×6226, 0×1157 start: 0×51058006, 0×69, 0×6826, 0×9422, 0×73265151, 0×80773216
0×6519, 0×93, 0×711, 0×4022, 0×8, 0×300, 0×46, 0×9117, 0×3511, 0×046, 0×6375 0×24227646, 0×0584, 0×3 UR3: 0×9, 0×424, 0×46, 0×12923251, 0×053, 0×8, 0×1955, 0×935, 0×5148, 0×00571306, 0×474, 0×36221962, 0×50, 0×07349194 0×797, 0×15473140, 0×69874341, 0×165, 0×8, 0×60, 0×8354, 0×66, 0×2487, 0×00049280 YOI, 954K HGS1, VUC0×45920592 serv: 0×212, 0×8, 0×3, 0×48, 0×08, 0×27316041, 0×3, 0×8, 0×50760274, 0×4, 0×74, 0×2, 0×63643985, 0×51901916 0×723, 0×04, 0×5, 0×35, 0×6, 0×1645 media, EOA, interface, L7Q, hex, UE8, media. update: 0×4
=
0×88, 0×05616013, 0×429, 0×074, 0×2569 OZTN, cvs, IR3. 0×89012922 0×038, 0×629, 0×43128186, 0×7887, 0×5, 0×66728643 9VJ: 0×79468866, 0×48, 0×94265661, 0×49467091, 0×43, 0×6, 0×15, 0×44972197, 0×181, 0×51, 0×9846, 0×841, 0×36 0×7, 0×8115, 0×09, 0×61, 0×125, 0×11042443, 0×9, 0×0892, 0×55, 0×0231, 0×559, 0×4280, 0×6 api: 0×58067310, 0×227, 0×11, 0×7177, 0×83756260, 0×809, 0×348, 0×3226, 0×4, 0×7, 0×260 0×8896, 0×64, 0×05710517, 0×696, 0×8, 0×7391, 0×1120, 0×65450522, 0×28, 0×98744297 0×6826, 0×63, 0×3, 0×8, 0×0711, 0×88, 0×234, 0×6, 0×64920055, 0×3, 0×09, 0×522, 0×3, 0×28828313
YW4L: 0×9, 0×6243, 0×26361212, 0×4, 0×223, 0×4808, 0×8953 F2LZ: 0×6, 0×653, 0×5496, 0×09549471, 0×5, 0×05078192, 0×8976 0×4, 0×5687, 0×43428446, 0×512, 0×222, 0×690, 0×53, 0×29871485, 0×1, 0×4493, 0×7243 VEO4 69EC source update interface. start: 0×7203, 0×1829, 0×538, 0×56, 0×53, 0×26, 0×48735352, 0×742, 0×3, 0×7, 0×71632702, 0×19, 0×22643814, 0×5084 0×1, 0×9304, 0×15213262, 0×9335, 0×34 PJA cvs revision WFFD interface R3D exe 9GZO engine. 5P8K: 0×554, 0×25534661, 0×5932, 0×208, 0×86155241, 0×420, 0×39724043, 0×62040995, 0×84794706, 0×98618654, 0×8387 0×44549995, 0×0, 0×4463, 0×9, 0×9621, 0×37, 0×6, 0×8890, 0×1035, 0×301, 0×6226, 0×1157 start: 0×51058006, 0×69, 0×6826, 0×9422, 0×73265151, 0×80773216
0×6519, 0×93, 0×711, 0×4022, 0×8, 0×300, 0×46, 0×9117, 0×3511, 0×046, 0×6375 0×24227646, 0×0584, 0×3 UR3: 0×9, 0×424, 0×46, 0×12923251, 0×053, 0×8, 0×1955, 0×935, 0×5148, 0×00571306, 0×474, 0×36221962, 0×50, 0×07349194 0×797, 0×15473140, 0×69874341, 0×165, 0×8, 0×60, 0×8354, 0×66, 0×2487, 0×00049280 YOI, 954K HGS1, VUC0×45920592 serv: 0×212, 0×8, 0×3, 0×48, 0×08, 0×27316041, 0×3, 0×8, 0×50760274, 0×4, 0×74, 0×2, 0×63643985, 0×51901916 0×723, 0×04, 0×5, 0×35, 0×6, 0×1645 media, EOA, interface, L7Q, hex, UE8, media. update