The Spam Diaries

News and musings about the fight against spam.
 by Edward Falk

Tuesday, August 07, 2007

Security issue: phishers now targetting domain registrars

This is an issue of some concern and should be watched carefully: phishers are now trying to get passwords of domain registrants. Currently, correspondents inform me that GoDaddy is the target, but there's no reason to think the phishers won't expand to other registrars.

Normally, phishers go after bank accounts or other financial information, or sometimes the online accounts of users so that they may send spam.

It's not known precisely why phishers are after domain registration information, but the possibilities are chilling. The most obvious danger is that the phishers might be trying to simply steal domains — recall the sex.com and races.com fiascoes.

One worst-case scenario which has been suggested is this: If a phisher were to successfully hijack the domain registration of a bank or credit union, they could surreptitiously redirect the domain name to their own servers and conduct a man-in-the-middle attack without the bank even realizing it's happening.

Dear GoDaddy Customer,

GoDaddy Customer Support Team requests you to complete GoDaddy Customer Online Form.

This procedure is obligatory for all customers of GoDaddy.

Please click hyperlink below to access GoDaddy Customer Online Form.

http://myaccount.session-47175729.godaddy.com/AccountConfirmation/account.aspx

Please do not respond to this email.

This mail generated by an automated service.

Copyright © 1999 - 2007 GoDaddy.com, Inc. All rights reserved.
Of course, the link provided actually goes to the phishing site, not to GoDaddy.

Labels:

0 Comments:

Post a Comment

<< Home