Sometimes phishing and other malicious emails arrive in your mailbox looking very legitimate. These screenshots show you how to spot a fake GoDaddy email.

We live in a fast-paced world and often scan through information without giving it a second thought. Criminals know that and use social engineering methods to trick you into trusting their email, hoping you will click on the link. And then, who knows? Your computer may get infected, or your personal identity may be compromised.

It is important to always remember that email scams are very common. Train yourself to be on the lookout for the signs that can help you spot the impostors. Let’s take a look at the following example.

This morning I received an email that I at first thought was from GoDaddy. Having a large number of domains, I get lots of emails from GoDaddy, and this one caught my eye: something was not quite right. I took a closer look and identified the telltale signs of an email that tries to pass as communication from a trusted source.

Screenshot of a fake GoDaddy alert

Looks legitimate, right?

Here is what you have to look for to see if it’s fake:

First, the FROM email address states “not_reply@godaddy.com”. In my experience, GoDaddy uses “donotreply@godaddy.com”. I did not highlight it in the screenshot because it may not be obvious to those who are not familiar with GoDaddy’s sender email addresses. Plus, it may be subject to change. What is more important here is the absence of a “TO” field: the email is sent to “nobody”. (It could also have been addressed to somebody else, but people usually catch on to that, so the empty field is less likely to be noticed, and crooks hope it will get past most people.)

Also, note how it prompts you to click on the “Re-Verify Your Premium Account” link: creating a sense of urgency is a common technique used by cybercriminals.

Same screenshot - with red lines marking the spots that can help you identify the fake...


Here is the most certain way to check an email’s legitimacy: most email clients, such as Outlook, show you some of the header information right in the inbox. Notice in blue the address for secureserver.net, one of GoDaddy’s service domains, and in this example my own address, since GoDaddy sent the emails to me. Compare it to the one in question, marked in red: see googleusercontent.com, a sign of a private user, and hissingkitty.com, definitely a suspicious domain name and not something a reputable domain registrar would use.

Fake GoDaddy email screenshot

See how a fake email differs from a real one

You can even take it a step further, and check the incoming email headers or properties.

In the screenshot for this example, you can clearly see an email address that is absolutely unrelated to GoDaddy’s account verification: sales1@edt.jo.

A definite giveaway of the fake email!

So, when receiving an email, remember – even if your antivirus checked the email for infection, don’t click on the links within the email – the malicious program may reside at the source of the link, and you may get your computer and your network infected, especially if your anti-virus program is not up-to-date.

Even with a legitimate-looking email, be careful and inspect the body and the header of the correspondence for telltale signs of a phishing attempt. Don’t give away any private information, such as username, password, your name, address, etc. If you are not sure if the email is, one of the safest way to

Top signs of a Phishy email:

  • The email has links inconsistent with the origin of the email
  • The email is using an unusual salutation
  • The email is asking for authentication or personal information
  • The email is prompting for urgent action
  • The email has improper grammar or spelling
  • The email has web links or strange attachments
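The header checks walked through above (empty TO field, unrelated sender address, unfamiliar relay servers, links that do not match the claimed origin, urgent wording) can be run over a raw message automatically. The following Python code is an added example, not part of the original post; the sample message is constructed, and the set of known sender domains holds only the two domains named in the post, which is an assumption rather than a complete list.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Domains the post associates with genuine GoDaddy mail (assumption: not exhaustive).
KNOWN = {"godaddy.com", "secureserver.net"}
URGENCY = re.compile(r"re-?verify|urgent|immediately|suspended", re.I)

# Constructed sample modelled on the email described in the post, not the real message.
SAMPLE = """\
Return-Path: <sales1@edt.jo>
Received: from mail.hissingkitty.com (mail.hissingkitty.com [192.0.2.10])
\tby mx.example.net; Mon, 1 Jan 2018 09:00:00 -0500
From: GoDaddy <not_reply@godaddy.com>
Subject: Account alert
Content-Type: text/html

<p><a href="http://verify.example.org/login">Re-Verify Your Premium Account</a></p>
"""

def base_domain(host):
    """Last two labels of a host name (naive: ignores multi-part suffixes like co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def phishing_signs(raw):
    """Return a list of the post's warning signs found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    signs = []
    if not parseaddr(msg.get("To", ""))[1]:             # nobody in the To field
        signs.append("empty To field")
    bounce = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2]
    if bounce and base_domain(bounce) not in KNOWN:      # envelope sender is unrelated
        signs.append(f"Return-Path domain {bounce} is not a known sender domain")
    for received in msg.get_all("Received", []):         # servers that relayed the mail
        m = re.match(r"\s*from\s+(\S+)", received)
        if m and base_domain(m.group(1)) not in KNOWN:
            signs.append(f"relayed via {m.group(1)}")
    body = "" if msg.is_multipart() else msg.get_payload()  # single-part bodies only
    for url in re.findall(r'href="([^"]+)"', body):      # links vs. claimed origin
        host = urlparse(url).hostname or ""
        if base_domain(host) not in KNOWN:
            signs.append(f"link points to {host}")
    if URGENCY.search(body):
        signs.append("urgent call to action")
    return signs

if __name__ == "__main__":
    print(*phishing_signs(SAMPLE), sep="\n")
```

Note that the From address in the sample passes as godaddy.com, which is why the check relies on the other headers and the link targets rather than on the visible sender.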

In today’s world, we must go a step above common sense and practice online safety and security.

Practical Advice:

If you are not sure if the email is legitimate, the safest approach is to NOT click on any links, but rather go directly to the source: in the case of this example, instead of clicking on “Re-Verify Your Premium Account”, I would go directly to https://www.godaddy.com or call their customer service to confirm the issue.

Is your anti-virus up-to-date? Is your IT handled properly? Do you have a proper IT Security action plan for your organization? Let’s have a conversation about your IT infrastructure – the backbone of your business. We are here to answer your questions.

 

Are you looking for a reliable IT security provider in New Jersey and want to talk right away? Call 201-493-1414 x 311 to find out how we can keep your business network efficient and protected.
