We've received a new phishing email that could fool you if you're not aware. The email purports to be from GoDaddy and has the following subject line:
Status Alert: Potential performance risk to the server.
and it goes on to say:
Dear Valued GoDaddy Customer.
Your account contains more than 463 directories and may pose a potential performance risk to the server.
Please reduce the number of directories for your account to prevent possible account deactivation.
In order to prevent your account from being locked out we recommend that you create special tmp directory.
Or use the link below:
[Not pasting the link, but at first glance it appears to be a godaddy.com url. Looking at the source code it actually goes to a Russian theirsite.ru url.]
GoDaddy technical support.
- - - - - - - - - - - - - - - - - - - - - - - - -
Copyright (C) 1999-2014 GoDaddy.com, LLC. All rights reserved.
Most experienced users will never even open the email, but many people will because they don't know the warning signs to look for.
What tipped us off?
- Number 1 - we don't host with GoDaddy. Duh.
- As a fallback, if we did host with GoDaddy, googling "godaddy limit on number of directories" would give the following support info from GoDaddy: "Though we impose no limit, to improve your website's performance, we recommend limiting your directories to no more than 1,024 files/inodes."
- Whenever we question whether an email is legitimate, we DON'T OPEN IT! We look at the source code of the email to see which email address it's really from, and to inspect any links within the email.
- In this case, the email SAYS it's From: GoDaddy <technical AT mya.godaddy.com> but the code shows it's actually from <defensewea AT vh45.sweb.ru>.
- The link it's attempting to get you to click on shows https://mya.godaddy.com, which is a legitimate GoDaddy URL, but the code shows it's actually linking to theirsite.ru/login.php with this GoDaddy-looking URL at the beginning of it: idp.godaddy.com.logins.aspx.sptke.98237564789823yr29.6754e06e46dfa419d5afe3c9781cecad.com. Most people would never even see the real link, and those who do look at the code may read no further than idp.godaddy.com and miss that it's actually going to a .ru domain name.
Rule of thumb: whenever you receive an email that you suspect may not be legitimate, don't open it. If you do open it, the phisher will know they have sent it to a good email address and will keep sending stuff to you (yes, they can tell when you open an email).
Use your email software to look at the source code so you can see the real email address it's from, and where the real links are actually going.
If you do open it before you suspect it isn't legit, don't click on any links! Right click on the link to copy the url, then paste the url into a text editor. That will allow you to see what the address really is.
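The two source-code checks described above (displayed From address versus the real sender, and link text versus the real link target) can be scripted; this is an added Python example, not part of the original post. The sample message is constructed, reading the real sender from Return-Path and the shortened link host are assumptions, and `find_mismatches`, `base_domain` and `LinkCollector` are illustrative names.

```python
import email, re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the email above. Assumptions: the real sender is in
# Return-Path; the href is a shortened, made-up "GoDaddy-looking prefix + theirsite.ru" host.
RAW = """\
Return-Path: <defensewea@vh45.sweb.ru>
From: GoDaddy <technical@mya.godaddy.com>
Content-Type: text/html; charset=utf-8

<a href="http://idp.godaddy.com.logins.theirsite.ru/login.php">https://mya.godaddy.com</a>
"""

def base_domain(host):
    return ".".join(host.lower().rstrip(".").split(".")[-2:])  # simplification: last two labels, no Public Suffix List

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)  # reset at every <a>, read back at </a>
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def find_mismatches(raw):
    """Return (kind, displayed, actual) tuples where the display and the source disagree."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    shown, real = (parseaddr(str(msg[h] or ""))[1] for h in ("From", "Return-Path"))
    if real and base_domain(shown.rpartition("@")[2]) != base_domain(real.rpartition("@")[2]):
        findings.append(("sender", shown, real))
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href, text in collector.links:
        target = urlparse(href).hostname or ""
        m = re.search(r"(?:https?://)?([\w-]+(?:\.[\w-]+)+)", text)  # a domain shown as link text
        if m and base_domain(m.group(1)) != base_domain(target):
            findings.append(("link", m.group(1), target))
    return findings
```

Because the comparison uses the rightmost labels of the hostname, a legitimate-looking prefix such as idp.godaddy.com in front of the real domain does not hide the mismatch.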
Sometimes you may find the email is legitimate, but better safe than sorry!