GoDaddy employees fall prey to phishing attack, report says

This attack on domain registrar allowed fraudsters to take over control of cryptocurrency service sites such as NiceHash and Liquid, exposing personal information of users.

November 24, 2020 02:06 pm | Updated December 03, 2021 05:46 am IST

GoDaddy employees fall prey to phishing attack, report says.

GoDaddy employees fall prey to phishing attack, report says.

(Subscribe to our Today's Cache newsletter for a quick snapshot of top 5 tech stories. Click here to subscribe for free.)

GoDaddy employees fell prey to a social engineering and phishing scam that was launched to attack multiple cryptocurrency exchanges, according to a cybersecurity expert Brian Krebs.

Employees at the company were tricked into changing registration and email records, which were used to attack other organisations. Hackers redirected email and web traffic destined for several cryptocurrency trading platforms over the past week.

This attack on domain registrar allowed fraudsters to take over control of cryptocurrency service sites such as NiceHash and Liquid, exposing personal information of users.

GoDaddy confirmed to Krebs that the scam led to a small number of customer domain names being modified earlier this month after a ‘limited number’ of GoDaddy employees fell for a social engineering scam.

How hackers tricked staff

The company spokesperson declined to specify how its employees were tricked into making the unauthorized changes. However, Krebs suggested that it could be a voice phishing or vishing attack where fraudsters succeeded by calling GoDaddy employees and convincing them to use their employee credentials at a fraudulent GoDaddy login page.

Often, hackers pose as IT department employees and claim to help troubleshoot issues with the company’s email or virtual private networking (VPN). Their target is to get credentials over the phone or input them manually at a website created by hackers that resembles the organisation’s actual website or VPN portal.

 

According to Mike Kayamori, CEO of Liquid, on November 13, GoDaddy incorrectly transferred control of an account and domain to a malicious actor.

“This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts,” Kayamori said in a blog post.

“In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage,”

While Liquid contained the attack and reasserted control of the domain, it said that hackers were able to obtain personal information such as email, name, address and encrypted password.

Besides, NiceHash said the domain was not reachable due to technical issues with domain registrar, GoDaddy that led to unauthorized access to the domain settings, and the DNS records for the NiceHash.com domain were changed.

NiceHash domain’s all systems are fully operational and no emails, passwords, or any personal data were accessed.

This is not the first instance when GoDaddy has been targeted by hackers. In March, a similar voice phishing attack allowed attackers to take over control of at least a half-dozen domain names and in May, GoDaddy revealed that 28000 customers’ web hosting accounts were compromised after a security incident in October 2019.

Top News Today

Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.