“GoDaddy” phishing emails

About “GoDaddy” phishing emails

“GoDaddy” phishing emails refer to a phishing campaign that misuse the GoDaddy name to phish users personal information. The phishing email falsely claims that your email is being upgraded from Workspace to Microsoft 365. It asks that you “validate” your email to confirm this change, and if do not do anything, your account will be supposedly closed. The email contains a link that, if clicked, would take you to a phishing website that will ask you to type in your login credentials. The moment you do that, the username and password will be sent to the cyber criminals operating this phishing campaign. From then on, the login credentials would be used by the cyber criminals themselves or it would be sold on hacker forums as part of a large database containing thousands of login credentials.

As long as you don’t click on anything in it, you can just delete “GoDaddy” phishing emails from your inbox, as it’s harmless. The email contains a link, which would lead to the phishing site. If you don’t type in your login credentials, nothing will happen. However, if you did provide your password, you need to change it immediately. Change it everywhere you used it, but do not reuse passwords in the future.

This GoDaddy phishing email is pretty typical as far as phishing emails go. It contains the typical signs of malicious emails, and we will explain them in the following section of the report.

How to recognize a phishing email

Phishing emails are rarely sophisticated enough to trick users who are familiar with them. Unless someone is targeted specifically, the phishing emails are usually pretty obvious because they follow a certain pattern.

The first thing you should check when you receive an unsolicited email with a link or attachment is the sender’s email address. If the email appears to be from a service you are using, you should be able to check the email address fairly easily. Even if the email address looks legitimate, always research it and make sure it actually belongs to whomever the sender claims to be. In this case, the phishing email is disguised to look like it came from GoDaddy, so if you use their services, simply use Google to check whether it actually belongs to them.
A typical sign of a phishing or any other kind of malicious email is grammar and spelling mistakes. It is believed that this is done on purpose in order to weed out more cautious users early on in the scam. Whether that is true or not, always look for grammar and spelling mistakes in unsolicited emails. This GoDaddy email has grammar mistakes, which immediately give it away.
Another obvious sign of a phishing or otherwise malicious email is you being addressed as User, Member, Customer, etc. If you pay attention to emails sent to you by services you use, you are always addresses by name (or whatever name you have given the service). If an email refers to you by anything other than your name when they know it, it should cause suspicion. The GoDaddy phishing email addresses potential victims as “User”.
If an unsolicited email contains a link, before clicking on it hover over it without your mouse. Doing that will allow you to see where you would be taken if you click on the link. If you do not recognize the address, do not click on it.
If you click on a link and are taken to a site that asks you to log in, always check the URL of the site before trying to log in. Phishing sites are often made to look almost identical to the sites they’re disguised as but they cannot imitate the URL fully, which is why it will always give them away.