New HostGator Phishing Scam - DO NOT Fall For This!

by nicheblogger75

Posted: 9 years ago 22 replies

INTERNET MARKETING

Warriors, I just got off the phone with HostGator support and I have confirmed that I have been the target of a new phishing scam.

I received a seemingly legitimate email from HostGator this morning, and here are the details:

FROM: donotreply@reply.hostgator.com

Email Body:

Dear Valued HostGator Customer YOUR NAME WILL BE HERE.

This notification is generated automatically as a service to you.

We have received a request that the name servers be changed for the following domain name(s):

"your domain name will be here"

If you are monitoring this name with Domain Backorders, the above change is also displayed in the Monitoring and Backordering section of your Account Manager.

Use the link below:

https://portal.hostgator.com/check.a...9801f6841861a2

Thank you,
HostGator.com Support

Toll-free: 1-866-96-GATOR
International: 001-713-574-5287

Now as you can see, this email looks real enough. Even the "from" address seems to be the real HG email address. The link they direct you to appears to be a real HG link to the customer portal. It's only like that on the surface though. The link that you see is not actually the real URL address.

If you click the link they give, it will take you a site that looks EXACTLY like the HG billing support/customer portal. I damn near logged in with my user name and password. What stopped me was when I looked at the URL.

The real HG billing portal URL is this:

https://portal.hostgator.com/login

The URL that I landed on looked to be set up on WordPress. The page was ALMOST identical, but when I looked closer I noticed that there were differences in text style and spacing, and the "View Our Support Articles" button at the top right of the page is much smaller on the phishing site.

I took screen shots so you can compare and this will help you to make sure you don't get phished. The main thing to look for, however, is the URL that is in your address bar. I am not going to give out the actual URL, just in case it was stolen or taken over from an innocent person (the URL has a full name in it).

Here is the REAL HG customer portal:

Here is the FAKE HG customer portal:

Look at the text on the fake site.You will notice it is much thinner and spaced much more closely than the text on the real site. The real difference is in the button to the top right of the page. On the fake site, it's much smaller.

PLEASE don't fall prey to this. If you were to click over to the fake site and log in, I'm pretty sure the scammers would now have access to all of the personal information that's in your customer portal. Worse, they could use that information and pretend to be you to gain access to your hosting account and wipe you out! You should have a backup, but that's not the point. It's a big pain in the butt!

#fall #hostgator #phishing #scam

agmccall 9 years ago

Internet 101, do not click links in email to login to anything.

al
- Thanks
- 2 replies
Signature

"Opportunity is missed by most people because it is dressed in overalls and looks like work." Thomas Edison
{{ DiscussionBoard.errors[9888991].message }}
- John Hocking 9 years ago
  
  I agree about not clicking on email link. Thanks for the heads up in the scam.
  
  Thanks
  
  Signature
  
  Find Special Offers from Warrior Plus, JVZOO, Clickbank and Others.
  
  {{ DiscussionBoard.errors[9889003].message }}
- nicheblogger75 9 years ago
  
  Originally Posted by agmccall
  
  Internet 101, do not click links in email to login to anything.
  
  al
  
  You are absolutely right. However, there are a couple of things in play here that led me to believe this email was perfectly safe and was indeed from HostGator.
  
  - The "from" address is legit.
  
  - The URL in the email appears to be a HostGator URL (I didn't notice it was not legit until I landed on the fake page).
  
  Basically, everything in this email appears to be from HostGator. Also, one thing scammers do is to send emails like this that make you think you have an immediate problem. You tend to panic a bit (at least I do), and you want to get to the bottom of the problem right away. This can cause people to sometimes act without thinking about it until it's too late. Thankfully, this was a phishing attempt and not a virus. Had it been a virus or malware I may have gotten myself into hot water. As we all know, even the best virus protection software sometimes doesn't catch everything.
  
  That's what happened to me.
  
  Your point is well taken, though, and it is a rule that should be followed always.
  
  Thanks
  
  Signature
  FREE YouTube Marketing Playbook Video Course (20 Videos)
  
  {{ DiscussionBoard.errors[9889010].message }}

skypreet

9 years ago

why is there no url in the Fake screenshot???

I remember ,GoDaddy send remainder mail when we change the nameservers from the control panel. But I am just curious to know the phishing url and the email address from which you received the email.

Thanks
2 replies

{{ DiscussionBoard.errors[9889024].message }}

nicheblogger75

9 years ago

Originally Posted by skypreet

I removed the URL from the screen shot in case the domain being used by the scammers was stolen from an innocent party. It contains someone's full name, and I don't think it's right to associate that name with a scam if that person may also be a victim.

The "from" address seems to be an actual HostGator email address. However, I think it's easy enough to fake that. This is the "from" email address:

donotreply@reply.hostgator.com

Here is the subject line of the email:

Account Notice : Error № 7620

The fact that I did not receive anything from GoDaddy and the fact that all of my websites were still up and running was also a big tip off that the email was fake. I should have asked the HG customer service rep whether or not they actually send out emails like this, but I overlooked it.

Thanks

Signature

FREE YouTube Marketing Playbook Video Course (20 Videos)

{{ DiscussionBoard.errors[9889038].message }}

eightofdiamonds

9 years ago

Thanks for the heads up. I've used HostGator for years. I'm pretty cautious about what I click on in emails but from what you've posted it looks like the scam is well designed.

Thanks
1 reply

Signature

FixYourFinancials.com -

{{ DiscussionBoard.errors[9889043].message }}

nicheblogger75

9 years ago

Originally Posted by eightofdiamonds

Thanks for the heads up. I've used HostGator for years. I'm pretty cautious about what I click on in emails but from what you've posted it looks like the scam is well designed.

You're quite welcome.

I'm no newbie and the email looked so authentic that I nearly fell for it. Had I not checked out the URL and noticed that it was not the HG customer portal URL I would have gone through with logging in. I don't think it would be long after that before I found my entire hosting account wiped out. Then I would have had to upload my backup, which would have taken several hours, and in that time I probably would have missed out on a bunch of new subscribers.

Thanks

Signature

FREE YouTube Marketing Playbook Video Course (20 Videos)

{{ DiscussionBoard.errors[9889069].message }}

gvidass 9 years ago

Thanks! But honestly they did good job on making it, because I would believe that it's real site...
- Thanks
Signature
Unleash Full Potential of Pinterest Course
{{ DiscussionBoard.errors[9889077].message }}

wyatt2011

9 years ago

I don't know, I think I got this! They said they got a notice to change my name servers. I didn't request anything.
I hadn't had time to act on it thankfully. I wouldn't have anyway without calling Hostgator, which I will do this evening.

Dear Valued HostGator Customer ONEANDONE PRIVATE REGISTRATION.

This notification is generated automatically as a service to you.

We have received a request that the name servers be changed for the following domain name(s):

(website name which I deleted here)

If you are monitoring this name with Domain Backorders, the above change is also displayed in the Monitoring and Backordering section of your Account Manager.

Use the link below:
https://portal.hostgator.com/check.aspx?nw=f1920129f9c75b3d604ea4874e120736

Thank you,
HostGator.com Support

Toll-free: 1-866-96-GATOR
International: 001-713-574-5287

Thanks Angela

Thanks
1 reply

{{ DiscussionBoard.errors[9889099].message }}

nicheblogger75

9 years ago

Originally Posted by wyatt2011

Yup, you sure did. That's it alright. And as you can see the domain name looks like it belongs to an individual person. It's definitely not a HostGator domain.

I would definitely call them and report this. The customer service rep said they are going to investigate it and I'm guessing they will be sending out a warning email to all of their customers about this soon.

Thanks

Signature

FREE YouTube Marketing Playbook Video Course (20 Videos)

{{ DiscussionBoard.errors[9889128].message }}

AaronBurton

9 years ago

uh oh, thats not good.

Thanks
2 replies

{{ DiscussionBoard.errors[9889135].message }}

nicheblogger75 9 years ago

Originally Posted by AaronBurton

uh oh, thats not good.

As long as you DO NOT log into the fake site you should not have to worry. It's when you log in that they've now got your user name and password and can access all of your personal info.

I'm pretty sure most people know better than to click on links in a suspicious email, but this scam is VERY well designed and I'm thinking quite a few people have already fallen for this.
- Thanks
Signature
FREE YouTube Marketing Playbook Video Course (20 Videos)
{{ DiscussionBoard.errors[9889146].message }}

webmaster2015

9 years ago

Any notification I get from my bank or facebook to my email, I just go to my bookmarked link and sign in to read the notification, if it's not there then I know the email was fake. The only thing I will click on in my email is Hostgater renewal notices because they automatically sign you in and already have your previously chosen payment method ready and if a phisher already had that info there would be no reason to phish you for it. Basically if you click on any link in your email and it takes you to a sign in page, you are better off just going to your bookmarked link or google for the real site and sign in that way.

Thanks
1 reply

Signature

If you do classified advertising

You need a Delayed Autoreply Service

www.emailpiper.com

{{ DiscussionBoard.errors[9889237].message }}

nicheblogger75

9 years ago

Originally Posted by webmaster2015

The only thing I will click on in my email is Hostgater renewal notices because they automatically sign you in and already have your previously chosen payment method ready and if a phisher already had that info there would be no reason to phish you for it.

That's why this scam is so dangerous. Most people trust an email from HostGator and will click on the link without thinking twice. Especially since these emails really do look like they came from HostGator. I'm guessing whoever it was that masterminded this scam knows that. I'm always VERY careful about clicking links in emails, but this one had me fooled all day.

Thanks

Signature

FREE YouTube Marketing Playbook Video Course (20 Videos)

{{ DiscussionBoard.errors[9889706].message }}

internetmarketer1 9 years ago

Thanks for the heads up. I think I heard about something related to this before, but I'm glad I saw this here again as a reminder.

And I agree. Clicking on any link from an unknown or mysterious email address and then signing in to their form is hazardous, so watch out everyone. This company, whoever they are, isn't the only one doing this.
- Thanks
Signature
Tired of Google?! Exhausted from all the rehashed trash?!
This Is The Easiest Thing *You* Can Do To Get FAST FREE TARGETED Traffic Without Ever Using Google Again
{{ DiscussionBoard.errors[9889214].message }}
larrygo 9 years ago

Thanks for the info, my son just got one today that looked very good for another website
- Thanks
{{ DiscussionBoard.errors[9889780].message }}

David Keith

9 years ago

A huge tip off for me is when my lastpass account doesn't fill in my info or auto login for me.

That tells lastpass doesn't have my login info save for that site so I am probably not where I think I am...ie a phishing scam.

Robofor, does the same thing.

Thanks
1 reply

Signature

Just a Little War Room Gift.

{{ DiscussionBoard.errors[9889858].message }}

art72

9 years ago

Originally Posted by David Keith

I think it's time I get lastpass, never realized the benefits until you mentioned it recognizes the url and login before hand.

Also, kinda strange being I just 'renewed my HG hosting not even 2 hours ago, and would have likely never noticed the differences in those 2 pages!

Reminds me off a phone app ad for my local internet provider, you login to your account using the secure app, and the ad states; "you have been logged out of your (companies name and same text) account due to inactivity! - Log back in here.

I never clicked the ad because the red ball with the "X" in it clearly denotes its an advertisement, but I'll bet tons of people fall for for it.

Thanks for the heads up, being I did just renew my HG hosting, I'll be sure to NOT to fall for that one!

Thanks - good share!

Thanks

Signature

Atop a tree with Buddha ain't a bad place to take rest!

{{ DiscussionBoard.errors[9889869].message }}

ChrisBa

9 years ago

They did a really good job at copying the hostgator site and the email as well (not that I want to give credit to people who phish or scam)

Glad you caught this before it was too late.
Another great example to be careful with links in emails

[ 1 ] Thanks
1 reply

Signature

$ POPS GUIDE - YOUR FIRST CONVERSION GUARANTEED! $

{{ DiscussionBoard.errors[9889884].message }}

nicheblogger75

9 years ago

Originally Posted by ChrisBa

I've been thinking about this and the more I think about it the more it seems to me that it could be an Internet Marketer behind this.

It makes perfect sense that an Internet Marketer would do something like this in order to maybe eliminate competition in their niche. They get a hold of a competitor's hosting account and wipe them right out. If they can wipe out enough of their competition they can practically own a profitable niche. Also, it looks like they need a certain number of different domains to make this work.

I noticed a link someone posted earlier to a phishing site and it was a different domain than the one I came across. That means they may have already taken over quite a few hosting accounts/domains just to make the scam work.

So, what do you all think? Is an Internet Marketer behind this? Or is that too "conspiracy theory?"

Thanks

Signature

FREE YouTube Marketing Playbook Video Course (20 Videos)

{{ DiscussionBoard.errors[9890263].message }}

enterprisemind 9 years ago

Thanks for sharing this. I'm a Hostgator customer also.
- Thanks
Signature
Turn $25.00 Into $200+ Daily Starting Today
Free Report Reveals $200+ Daily With OTP Programs
{{ DiscussionBoard.errors[9889887].message }}
nizamkhan 9 years ago

Damn, they made things look so real. Please, DO NOT login/signin by clicking on the links in the emails, instead type the url directly in the browser address bar to login to your customer/banking/payment portals. Thanks for this phishing scam alert.

- Nizam
- Thanks
Signature
[FREE DOWNLOAD] My list of 101 FREE Tools and Services for Online Marketers!
{{ DiscussionBoard.errors[9890535].message }}

New HostGator Phishing Scam - DO NOT Fall For This!

Trending Topics

Should i Index Author pages?

best high quality crypto traffic.

Some interesting stats about brand comms

Fixing a massive traffic drop after rebranding

Meta AI now has Google Search results