Highly targeted Phishing against a GoDaddy account

I do get a lot of phishing emails, we all do, but as security professionals we tend to recognise them immediately, the syntax is wrong, it’s missing a name, of course when you get them from a bank you don’t even deal with that’s a pretty good clue.

But this is well targeted, it uses my name, and I do have a GoDaddy account, actually a few. And the guess that I have too many folders is a good one as I have so many test and demo sites.

Mousing over the url confirmed that the link he provided was not at GoDaddy but was on a compromised machine that had a form that looked like a GoDaddy page, not quite fully authentic as its missing all the menus and links you normally see.

Microsoft did pickup that it was a possible scam, but they mark their own emails to me that way so I can’t really rely on that, the only way to check such an email is legitimate to check the actual embedded urls point to a domain that relates to the emails content.

Entire email below:

Subject: Status Alert Code : 1550
 GoDaddy <technical@mya.godaddy.com>Thu 11/12/2014 14:01
Dear Valued GoDaddy Customer marc kranat

Your account contains more than 5475 directories and may pose a potential performance risk to the server.

Please reduce the number of directories for your account to prevent possible account deactivation.

In order to prevent your account from being locked out we recommend that you create special tmp directory.

Or use the link below:

(linking to texlavka.ru/includes/data/ourrueatqz.htm?ourrueatqz=65173795697c8229dd202ad94e821bab)

Sincerely,
GoDaddy technical support.

Leave a Reply

Your email address will not be published. Required fields are marked *