I received an email today that turned out to be a Hostgator phishing scam. The email informed me that Hostgator had received a request to change the name servers on one of the domains belonging to me.
The email was pretty cleverly constructed and likely would have fooled me except that I couldn’t think of a reason why Hostgator would have received a request from anyone to change the name servers on that particular domain, or any other I own, for that matter.
Another suspicious bit of the email was a reference to Domain Back Orders. I never back order domains and it didn’t make sense that if I had back-ordered the domain I’d have been notified of a request to change the name servers. After all, if it’s back-ordered, I don’t own it yet, so why would I care?
I checked the domain and the name servers were as they should be. I checked the site and it’s up and running. So, nothing had been changed.
Finally, I checked the link that was provided in the email. The visible text looked legitimate, but the real URL was hidden by the HTML in the email. Hovering over the URL in the email displayed the real URL in the browser status bar and gave away the scam. The URL was something like:
http://somedomain.ru/wp-includes/gibberish.php?parameter-string
Not even close to “hostgator.com”, eh?
Just a warning to be very suspicious of emails you receive that provide links to “fix” something in your account with whoever allegedly sent the email. If it feels “off” in any way, it probably is.
This particular phishing email was very well constructed. It included my name and a domain that I own which made it look fairly legitimate. The information was obviously gathered from the domain registration information to add an air of authenticity to the email. The domain is not privately registered, so the information is public knowledge. Had I not been familiar with how domain registration works, I might not have seen through the scam.
Be careful out there!
Photo credit: David Castillo Dominici via freedigitalphotos.net
Protected by WebARX