Domain hijacking spear-phisher foiled by the last line of defense—paranoia

Ars Technica 2015-08-28

As the old joke goes, "Just because you're paranoid doesn't mean that everybody isn't out to get you." Based on the contents of my e-mail inbox lately, I can confirm that my paranoia is well-founded.

Yesterday, I got an e-mail telling me that the domain name server information of my vanity domain had been changed. It purported to be a message from GoDaddy and had enough information to be almost legitimate—I had just regained the domain after another hosting company had neglected to auto-renew it a year ago, and at one point I had put in a domain backorder with GoDaddy to ensure that I could jump on it when the spam Japanese medical device WordPress blog was done sucking all the search engine optimization mojo out of it.

I had changed the DNS server information about two weeks ago, so the alert that it had been changed again made me nervous. I recognized the text in the link in the e-mail as being the URL for GoDaddy's customer login page. However, there were signs that this was not legitimate:
