Today I want to unravel a little scam. Its lesson is: if someone finds that you have a GoDaddy account, they can use that bit of information to lure you into a scam.
A couple of hours ago I received an email message. Its sender was GoDaddy Operating Company, LLC. Its title was Regain access to your account. That message was delivered to one of my email addresses, specifically to an address I have occasionally used when managing domains or Web hosting in GoDaddy.
The message contained one link. The anchor text for that link was something quite harmless and believable. It looked like this:
https://www.myh.godaddy.com/#/hosting/cpanel/account/92832690-50f0-12e3-92dd
But the actual URL address behind that anchor text was something like this:
http://www.myh.godaddy1.com.hosting-cpanel-account-90832690-56f0-11e3-92dd-14feb5d39ff1.redacted.tv/gl_paper_lantern-filemanager/
Even that scammer’s true URL looks quite valid. It has words like “godaddy”, “hosting” and “cpanel” in it, but the actual domain is one ending in .tv. That whole URL above consists of subdomain after subdomain, constructed so that looking at it in passing could easily fool the recipient.
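The two tricks described above (anchor text that shows one host while the href points to another, and a brand name buried in subdomain labels) can be checked mechanically. The following is an added example, not part of the original post; the function names, the `trusted` parameter and the two-label registrable-domain shortcut are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def registrable(host):
    # Assumption: the registrable domain is the last two labels. That holds for
    # .com and .tv; production code should consult the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class AnchorCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self.href, self.text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, "".join(self.text).strip()))
            self.href = None

def audit(html, trusted="godaddy.com"):
    """Return [(href, [reasons])] for links that misrepresent their target."""
    collector = AnchorCollector()
    collector.feed(html)
    brand, findings = trusted.split(".")[0], []
    for href, text in collector.links:
        real = (urlsplit(href).hostname or "").lower()
        real_dom = registrable(real)
        shown = urlsplit(text).hostname if "://" in text else None
        reasons = []
        if shown and registrable(shown) != real_dom:
            reasons.append(f"text shows {registrable(shown)}, link goes to {real_dom}")
        if brand in real and real_dom != trusted:
            reasons.append(f"'{brand}' appears only in subdomain labels of {real_dom}")
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample: the two URLs quoted in the post, wrapped in an <a> element.
SAMPLE_HTML = (
    '<p><a href="http://www.myh.godaddy1.com.hosting-cpanel-account-90832690-'
    '56f0-11e3-92dd-14feb5d39ff1.redacted.tv/gl_paper_lantern-filemanager/">'
    'https://www.myh.godaddy.com/#/hosting/cpanel/account/92832690-50f0-12e3-92dd</a></p>')

if __name__ == "__main__":
    print(audit(SAMPLE_HTML))
```

Run against the sample, the link is flagged for both reasons: the visible text resolves to godaddy.com while the href resolves to redacted.tv.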