Targeted Phishing Against GoDaddy Customers
I do get a lot of phishing emails, we all do, but as security professionals we tend to recognize them immediately. Either the syntax is wrong, or it’s missing a name. When you get them from a bank you don’t even deal with that’s a pretty good clue.
However, when the phishing is well done and targeted, the game changes. Today, I received one that was well targeted. It uses my email registered at GoDaddy and my real name. And their guess that I have too many folders is a good one as I do have many test and demo sites.
If this wasn’t bad enough, our users are also reporting that they are receiving similar targeted emails. The emails are all very well written and warn the user about a large number of directories being used on their sites and a possible suspension of their account. This is what the email looks like:
We heard reports of this type of targeted phishing a few months ago, but it seems to be picking up steam lately. Webmasters have to be extra careful not to be fooled by this. This is the full copy of the email:
Dear Valued GoDaddy Customer RealName.
Your account contains more than 5271 directories and may pose a potential performance risk to the server. Please reduce the number of directories for your account to prevent possible account deactivation.
In order to prevent your account from being locked out we recommend that you create special directory.
Or use the link below:
However, when clicked (or moused over), the link actually redirects to a secondary phishing page located at httx://texlavka.ru/includes/data/ourrueatqz.htm asking for your GoDaddy user and password:
Are you a GoDaddy customer? Did you receive a similar email with your real name? If you ever need to login to your hosting provider, make sure you go straight to it and do not follow email links.