模仿GoDaddy的 Phishing Mail
#######################################################
Dear Valued GoDaddy
Your GoDaddy service(s) shown below has been suspended because some of the purchases on your account remain unpaid. For a limited time, however, the services will continue to be registered to you even while disabled .
Account Holder: MONDAY xxxxx
The following nsWebAddress™ are in this account : xxxxx.com
Please make payment immediately upon receipt of this notification, or the nsWebAddress™(es) listed above will be deleted from your account and we may, in accordance with our service agreement, attempt to renew and transfer the nsWebAddress™ listed above to a third party on your behalf. This notice has been sent to both the Primary Contact and Registrant assigned for these services.
To make payment and reinstate your services, please Follow the reference below :
https://order.godaddy.com/login.aspx?ids= aabc1a0daa03abde243e2dceade0e8 70e3... Thanks for your co-operation.
GoDaddy Customer Support.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Copyright (c) 1999-2015 GoDaddy.com, LLC. All rights reserved.
#######################################################
- 一開始的 "Dear Valued GoDaddy" ,並不是"Dear Valued Customer"
- 聲稱 service suspended 但我的網站仍可正肖運作
- Google了一下"nsWebAddress"發現還有其他人在討論...
- 最大問題是那連結
- 顯示為
- https://order.godaddy.com/
login.aspx?ids= aabc1a0daa03abde243e2dc。。。 - 但實際連結到
- http://bushmanwatergroup.com/sso.godaddy.com/pid/d43ab110ab2489d6b9b2caa394bf920fd43ab110ab2489d6b9b2caa394bf920f/59f51fd6937412b7e56ded1ea2470c2559f51fd6937412b7e56ded1ea2470c25/33ef701c8059391708f1c3ddbe9f1f8133ef701c8059391708f1c3ddbe9f1f81/18488e61d6a32d8。。。
- 進入連結後是一個很像GoDaddy 登入頁的頁面,但當然...不是真吧