Scammers are getting quite clever these days. It’s more difficult for the average website owner to distinguish between the authentic and the fake. Even so-called web experts can be fooled. To illustrate how sophisticated some scams can be, I would like to share a recent incident that happened to one of my clients.
My client has her website hosted on GoDaddy. She has a website care plan with us which includes basic security features like backups and malware scanning.
Last night at about 9pm PST, she received the following email:
Subject: [Incident ID: 31937773] Regarding your hosting account
From: GoDaddy <firstname.lastname@example.org>
Seems legit, right? Let’s look a bit more closely.
First of all, a superficial comparison shows that the scam email does not have the same branding as a real GoDaddy email. Second, and more importantly, the scam email does NOT reference either my client’s name or her customer number, which any legitimate email from GoDaddy would. The image below shows my client’s email side by side with an email I received from GoDaddy about a domain purchase.
Next, we need to examine the supposedly suspicious files listed in the email. Logging in to my client’s hosting account, I searched for the files, but did not find them on the server. I also looked for any unknown files which hackers may have added, but this search came up empty as well.
Lastly, I looked at the phone number listed in the email. This part is quite interesting. You will notice that the number they give you to call is 480.366.3501, which is not the same as GoDaddy’s official support number: 480.505.8821. Even the one they list at the bottom has a different ending of 8871 instead of 8821.
Most people will not think twice about it and call the number because they’re scared that their site is infected with malware.
When you call the number, a woman’s voice will thank you for calling and ask you to enter your PIN number (which you need to use for GoDaddy’s support). But if you listen carefully, you will notice that she does NOT mention GoDaddy at all in the recording. For comparison, I called GoDaddy’s official support number. A woman’s voice thanked me for calling GoDaddy and gave me multiple options, including selecting a language and support department. Only later did she ask for my PIN and she always referenced GoDaddy in the call. By contrast, the scam number immediately wanted my PIN and, if I kept going, my credit card number too.
Please remember: GoDaddy will NEVER ask for your credit card number because of a malware scan. They already have your billing information on file and they will not ask for it over the phone.
Unfortunately, many people panic and give the scammers whatever information they request. This scam operates on fear and lack of close attention to detail.
Another thing that is concerning: If you do a Google search on the text of the scam email, you’ll end up with misleading information in the GoDaddy forums and other groups about whether it’s a scam or not. Forum contributors (including some apparently representing GoDaddy) will tell you that the email is legitimate. I’m not sure if these responders are a) simply not aware of the scam, (b) not looking closely enough to tell, or (c) working for the scammers to spread the belief that the emails are legitimate. The last possibility would be diabolical, if true.
At any rate, don’t be fooled! Before taking action on such an email, make sure you consult with your website administrator first. Better still, talk to your website administrator about the security measures in place for your site. These should at least include malware scanning and regular backups. If you need any assistance with securing your site against hackers, feel free to contact us. We are happy to help!