A phishing scam is one of the easiest techniques cyber criminals use to steal the personal or financial credentials of any user who is not familiar with social engineering. With every passing day, these scammers are coming up with new and ever more convincing ways to trick users and take advantage of their online presence.
The latest phishing scam, according to Comodo Threat Research Labs in Defend Mag, is targeting GoDaddy users (mostly website owners) by sending emails from a legit GoDaddy address, support@GoDaddy.com. The email informs users that their email account storage on the GoDaddy server has grown past the given 20MB limit and that any incoming emails will bounce back. To solve the problem, users are asked to click on a link and get 2GB of free space.
Up to this point, everything looks legit. But to get the free space, users are told to click on a link, otherwise their account will be suspended, and that’s where the game begins.
Those who don’t have an account with GoDaddy may ignore the message, but those who bought a domain from GoDaddy or have one hosted there are potential targets of this scam. Upon clicking the “Upgrade Mailbox” link, users are taken to what looks like a legit GoDaddy site: mtparent (dot) com/themes/www (dot) html.
Once users enter their GoDaddy login and password, they are redirected to the original GoDaddy website, GoDaddy.com, and their login credentials are sent straight to the cybercriminals behind this scam. The good news is that the Chrome browser has already marked the website hosting this scam (mtparent (dot) com) as a deceptive site that may reveal your personal information (for example, passwords, phone numbers, or credit cards).
The bad news is that Chrome doesn’t show any warning message on the [mtparent (dot) com/themes/www (dot) html] page itself when a user is redirected to it. This works in the scammers' favor, as not every user is familiar with phishing scams, especially ones coming from legit-looking email addresses.
Previously, HackRead exposed two phishing scams targeting users from legit email IDs, both related to PayPal: one came from email@example.com and the other came from a genuine Irish government email address, firstname.lastname@example.org.
If you are a website owner or manage sites for someone on GoDaddy, DON’T fall for this scam.