Users of domain registrar and web hosting company GoDaddy, Inc. are being targeted by two new phishing scams that are attempting to gain access to their accounts.

The main phishing scam is one where users are sent details that their domains have sold, while a second, lesser known scam involves users receiving notices that the inbox on their accounts is full.

GoDaddy’s Aftermarket Product Manager Joe Styler issued a warning abut the first phishing scam on NamePros last week, noting that the email in question came through with a header that read “Congratulations! The following domain name has sold at auction” while pretending to be from GoDaddy itself:

We were made aware this morning by a few customers that they are getting emails claiming to be from GoDaddy that are saying that their valuable domains sold and that they should unlock them and move them to the buyer within 5 days. These emails are FAKE please be extra careful as they appear to come from auctions@godaddy.com but are actually not and they also look like our email templates but the wording is inconsistent with what we would send.

We never ask you to move domains to a buyer within 5 days. I will include the full body of the email below and the subject line so you can be aware and on the lookout. Always feel free to check your “sold” section in your auctions account to confirm a sale and also to reach out to our support if you have any concerns. It is always best to be safe by double checking and we are happy to help.

Full inbox

The second phishing email is targeted at users who use GoDaddy for their hosting, with users receiving an email from support@godaddy.com that claims that their email account storage has been maxed out and that incoming emails are being rejected.

Continuing on, the email states that users must upgrade, for free, to a 2GB account within 24 hours or their account will be suspended.

The link provided in the email goes to an address of the link within the email goes to mtparent.com/themes/www.html which presents users with what looks like a legitimate GoDaddy login page; once a user fills in their details they are actually directed to the legitimate GoDaddy page but with no upgrade of their email account having also given their login details to the person behind the phishing attack.

Users of Google’s Chrome browser will be notified that the website their visiting is a scam, but users of other browsers may not be so lucky.

“The lesson from this particular scam is to be vigilant, especially when a link or logins or passwords are involved,” Defend Magazine notes on the scam. “Continually look for the clues that scammers leave behind. Website traits such as https, and valid digital certificates issued by reputable Certificate Authorities should be the first thing you look for, anytime a website asks you for any information. If those things aren’t present, we can almost guarantee you that there’s a problem.”

Image credit: nickledford/Wikimedia Commons/CC by 2.0