Domain hijacking spear-phisher foiled by the last line of defense—paranoia
As the old joke goes, “Just because you’re paranoid doesn’t mean that everybody isn’t out to get you.” Based on the contents of my e-mail inbox lately, I can confirm that my paranoia is well-founded.
Yesterday, I got an e-mail telling me that the domain name server information of my vanity domain had been changed. It purported to be a message from GoDaddy and had enough information to be almost legitimate—I had just regained the domain after another hosting company had neglected to auto-renew it a year ago, and at one point I had put in a domain backorder with GoDaddy to ensure that I could jump on it when the spam Japanese medical device WordPress blog was done sucking all the search engine optimization mojo out of it.
I had changed the DNS server information about two weeks ago, so the alert that it had been changed again made me nervous. I recognized the text in the link in the e-mail as being the URL for GoDaddy’s customer login page. However, there were signs that this was not legitimate: