This morning I checked my email and there was a message from GoDaddy informing me there had been a name change to to one of my domains. It was the new one I created for an the app I started blogging about with the Google Compute Engine.
Something didn’t look quite right about it, but I clicked the link anyway. It went to a login form, but my user name is a long number that I’d have to look up to be able to type in, and, there was not enough stuff on the page. So, I googled it and came to several blog posts about Fake DNS change notifications. Apparently new Domains are being targeted.
I hadn’t had my morning cup of coffee yet, so was probably just lucky I didn’t enter my username and password because then someone would have full access to my account.
Here is what the real page should look like. Basically there wasn’t enough stuff on the fake one. What worries me though about it is if the creator was a little more skilled and had added more content to the page I may have been fooled.
Here is what the email I received looked like. I changed the actual phishing link address to “seriesoflettersandnumbers”, this is what would probably link the info I put into the form with my email address. I’m putting this post up for awareness.
I don’t have that domain ownership blocked on WhoIs, so it is trivial to get my email address for it.
Dear Valued GoDaddy Customer MICHAEL PURVIS.
This notification is generated automatically as a service to you.
We have received a request that the name servers be changed for the following domain name(s):
luciddreamapp.com
If you are monitoring this name with Domain Backorders, the above change is also displayed in the Monitoring and Backordering section of your Account Manager.
Use the link below:
https://sso.godaddy.com/mains.aspx?idp=”seriesoflettersandnumbers”
Sincerely,
GoDaddy Domain Backorders team.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Copyright (c) 1999-2015 GoDaddy.com, LLC. All rights reserved.
I called GoDaddy and reported the phishing attempt, gave them the url to look at and they confirmed there was nothing out of the ordinary with my account. It’s interesting that the phone number on the fake page is GoDaddy’s actual phone number. It makes me think that it’s possible whoever did this, is doing an experiment because they could have gone a few steps further to make it more effective.