Domaingang.com has been reporting on many domain names that have been involved in phishing attacks on Godaddy which have resulted in domain names being stolen out of Godaddy accounts.
Unlike most phishing attacks where someone uses a domain controlled by the phisher, to actually send the customers to which wind up appearing in the URL bar, recent attacks actually use domain names containing the register’s name, but are owned by third parties just like the one’s Godaddy recently warned its customers about.
As reported by DomainGang.com here are a few:
account-godaddy.com
godaddy-account.com
service-godaddy.com
services-godaddy.com
support-godaddy.com
Take the domain name support-godaddy.com.
It was first registered back in 2006 by a John Bazely of the UK where it remained registered until February 19, 2008 when it expired and was deleted. The domain remained unregistered until just several weeks ago on December 3rd of this year.
Why didn’t Godaddy register this domain in the 6 years that it was available?
service-godaddy.com and services-godaddy.com, which was just registered at the Chinese domain registrar eName Technology Co.,Ltd on June 3rd 2014.
Six months certainly is enough time to file a UDRP.
account-godaddy.com was registered on December 3rd of this year as well as godaddy-account.com
Hell three weeks is long enough to file a UDRP.
Godaddy like most major brands need to be on the look out for direct domain registrations and at least track what is being done with the domains. Are they just being parked or are they being used to mirror Godaddy.com site?
Once Godaddy or any other registrar gets a report of a domain containing its name being used for phishing then its the registrars responsibility to get those domain name shut down, by filing a UDRP, ASAP