GoDaddy phishing portal scam: This is how they steal your domains!

If you wondered how domain thieves steal your domains, the number one method is by email phishing and by replicating a portal of a domain registrar or other portal of authority.

GoDaddy is by far the biggest target of thieves, due to the sheer amount of domains under management.

Aaron of PremiumNameSales tipped us off about an ongoing email scam with GoDaddy customers being targeted. The email goes like this:

Subject:          Status Alert: Your account contains more than 9740 directories.

Dear Valued GoDaddy Customer.  Your account contains more than 927 directories and may pose a potential performance risk to the server. Please reduce the number of directories for your account to prevent possible account deactivation.  In order to prevent your account from being locked out we recommend that you create special tmp directory.  Or use the link below: [link removed]

The email and the portal are both set up to look like legitimate GoDaddy content. Once one is fooled into clicking on that email link, here’s what comes up on a Russian web site:


The next step involves entering their username and password into the fake GoDaddy form, which are then captured by the domain thieves.

Part of the resulting page is shown below – note that the other links are dead; all the thief wants is your account login and password, and once you discover you are not really on a GoDaddy page, it’s usually too late.


The proliferation of domain theft is an issue that should be addressed at ICANN level, as the domain namespace is expanding further to incorporate thousands of new gTLDs.

ICANN working groups should be part of a coordinated effort to implement safeguards, to protect domains and streamline any ownership/transfer disputes.

For some recent coverage on domain thefts:

If your domain was stolen and need to raise awareness while you’re attempting to get it back, here are some useful guidelines.


Copyright © 2024 · All Rights Reserved.