Stealing attempt - ACTION REQUIRED - Reminder to verify the accuracy of Whois data

by Nuno
10 replies
Please check if you received any email from: support@domains.godaddy.com
(Godaddy doesn't use this address, it's a phishing attempt).

Does the email says you need to verify by using OpenID? If yes, it's the same person trying to get the password for your email account.
They will direct you to the domain godaddyauthentication.com , which of course isn't from Godaddy.

I have Two Step authentication factor on Gmail so he/she can never enter. Yahoo also has the sms security system.

I have reported this to NameBay (where the domain was registered yesterday), Godaddy and Gmail.

If it helps I can create a pdf with all the details so that you can send to your friends.

I knew these new ICANN rules would lead this way, many domains will be stolen, many email accounts will be hacked. I warned about his, few cared. Many people are scared that now in 2014 if they don't verify their email accounts their domains will be frozen, and many scammers will use this fear.

If that person has access to your email... you have more at risk than just your domains.

What is your opinion?
#accuracy #action #attempt #data #phish #phishing #reminder #required #steal #stealing #stolen #verify #whois
  • Profile picture of the author nicelife
    Well I guess it's just a matter of being observant about this, but they will probably manage to steal some domains.

    Thanks
    {{ DiscussionBoard.errors[8838062].message }}
  • Profile picture of the author Nuno
    Not just domains...

    They now sent another email, asking people to deactivate the two step authentication!

    Second Alert : ERROR - Turn off 2-step verification

    Error : 2-Step verification

    Solution : Turn off 2-step verification

    P.S. Godaddy needs to expand their 2-step protection to other countries as well. There are lots of international sms gateway providers...
    Signature
    I have 15+ years of experience & millions of visitors (I'm also a warrior since 2002)!
    NunoAlex.com explains how I can help.
    I'm looking for a limited number of serious partners.
    {{ DiscussionBoard.errors[8838342].message }}
  • Profile picture of the author BlairDesigns
    This is exactly why I DO NOT answer anything through email when it comes to business or accounts. If the company I'm dealing with "emails" me I call to ask directly what the issue and email was about. 100% of the time it has been a failed phishing attempt. In recent months I have taken pleasure in respond to these emails to see what type of response I get, never once have I given the information they've asked for but it's fun to see them squirm hahaha
    {{ DiscussionBoard.errors[8838464].message }}
    • Profile picture of the author Nuno
      The problem is that in 2014 you have to click on emails Godaddy sends, or your domain will be suspended.
      The only difference is that they don't ask you to login.
      Signature
      I have 15+ years of experience & millions of visitors (I'm also a warrior since 2002)!
      NunoAlex.com explains how I can help.
      I'm looking for a limited number of serious partners.
      {{ DiscussionBoard.errors[8838558].message }}
      • Profile picture of the author Teravel
        Originally Posted by Nuno View Post

        The problem is that in 2014 you have to click on emails Godaddy sends, or your domain will be suspended.
        The only difference is that they don't ask you to login.
        I don't have to open emails from GoDaddy, and my domains won't be suspended. I also can't find it anywhere on their site that says otherwise, though I didn't look for long as I have never liked GoDaddy. They were a cheap company when they started, and they haven't improved much since.

        Also, they can't suspend your domain simply because you didn't open an email. You purchased legal rights to the domain. It's yours. GoDaddy doesn't own it. If they did, you wouldn't be able to transfer your domain from one registrar to another.

        Please, post a link to the information on GoDaddy that says you are required to open all emails from them in order to retain your current domains.
        Signature

        "Failure is feedback. Feedback is the breakfast of champions." -Fortune Cookie

        PLR Packages - WSO

        {{ DiscussionBoard.errors[8838570].message }}
        • Profile picture of the author Nuno
          Teravel, all registrars are forced to do that starting 2014.

          Here is Godaddy's info on this:
          Verifying Contact Information for ICANN Validation | Go Daddy Help | GoDaddy Support

          Trying to change anything in your whois registrant information, or registering a new domain, will force that right now.

          Here are other places where you can confirm this:
          http://www.hover.com/blog/icann-regi...s-coming-soon/
          http://www.theverge.com/2013/6/29/44...n-registration

          I can give you many more examples. If your registrar sends the verification email, and you don't confirm it, your domain WILL be supended by ICANN's new rules.
          Signature
          I have 15+ years of experience & millions of visitors (I'm also a warrior since 2002)!
          NunoAlex.com explains how I can help.
          I'm looking for a limited number of serious partners.
          {{ DiscussionBoard.errors[8838607].message }}
          • Profile picture of the author Teravel
            Originally Posted by Nuno View Post

            I can give you many more examples. If your registrar sends the verification email, and you don't confirm it, your domain WILL be supended by ICANN's new rules.
            I went through your links and read everything I could find. Then I searched for ICANN's ruling on this, and I think everyone is making this bigger than it is.

            Lets break this down into a few basic concepts.

            First, how many accounts do you need with your preferred Domain Registrar? If you said any number higher than one, you're wasting your time. You may have multiple accounts if you use multiple registrars, but to have multiple accounts on a single registrars site is silly.

            Second, you need to Verify your Email OR Phone for your ACCOUNT. This means you have to do this ONE TIME, unless you are wasting your time as above, or if you are using multiple registrars.

            Third, you want your business information to be correct and visible for anyone that wants to find it. Not only does this make you look like a real business, it gives people a way to contact you.


            I have yet to receive contact from the Registrar I use. I just went into my account, and I have no warnings or errors that would give sign to this either. This is most likely due to the fact that I run a business, and verified my business information years ago when I set the account up.
            Signature

            "Failure is feedback. Feedback is the breakfast of champions." -Fortune Cookie

            PLR Packages - WSO

            {{ DiscussionBoard.errors[8838898].message }}
            • Profile picture of the author Nuno
              Because of this yesterday there was a massive phishing operation that already made real damage and it's just the first.

              The problem is, and I already read people stating this:

              - some people will be tricked to click on phishing emails, giving access to their domain and email accounts.

              - some will never click the real mandatory registrar's email, their domain will be suspended, the website will be offline. Why? Thinking they don't need to click it, it will go to spam folders, or because they will think it's phishing.

              In conclusion: how does a valid but throw away email in the whois protects anyone? This opened the doors to lots of scams but it does no good at all. I'm not against valid info, not forcing everyone to click on email links leading to many problems especially for the less savvy.

              This applies to everyone, business or not.

              You only have to verify your email address once (when you change any detail on your current domains or register a new one) but it just started in 2014.

              Update:

              Many verification emails have been going to spam and sometimes the confirmation process doesn't work.
              Meanwhile close to 1 million domains were suspended and many websites are/were broken.
              I warned this would happen...
              Signature
              I have 15+ years of experience & millions of visitors (I'm also a warrior since 2002)!
              NunoAlex.com explains how I can help.
              I'm looking for a limited number of serious partners.
              {{ DiscussionBoard.errors[8839402].message }}
  • Profile picture of the author davezan
    Originally Posted by Nuno View Post

    many domains will be stolen
    More like suspended, rather than stolen. At least, for new domain registrations.

    Originally Posted by Nuno View Post

    What is your opinion?
    Many people are going to be angry, and the registrars know that.

    If it's any consolation, even registrars aren't keen on requiring people to verify
    their new domain registrations starting 2014. They and ICANN are forced to do
    so because of law enforcement.
    Signature

    David

    {{ DiscussionBoard.errors[8838680].message }}
    • Profile picture of the author Nuno
      Not just suspended, I think that today some domains were indeed stolen. I believe they managed to get access to a few email or Godaddy accounts.

      Even today a representative for domain interests told that when negotiating with ICANN they told these forced email verifications would increase phishing, but they were adamant.
      A correct throw away email doesn't protect anyone...
      Signature
      I have 15+ years of experience & millions of visitors (I'm also a warrior since 2002)!
      NunoAlex.com explains how I can help.
      I'm looking for a limited number of serious partners.
      {{ DiscussionBoard.errors[8838696].message }}

Trending Topics