GoDaddy employees fall prey to phishing attack, report says

GoDaddy employees fall prey to phishing attack, report says.   | Photo Credit: Reuters

(Subscribe to our Today's Cache newsletter for a quick snapshot of top 5 tech stories. Click here to subscribe for free.)

GoDaddy employees fell prey to a social engineering and phishing scam that was launched to attack multiple cryptocurrency exchanges, according to a cybersecurity expert Brian Krebs.

Employees at the company were tricked into changing registration and email records, which were used to attack other organisations. Hackers redirected email and web traffic destined for several cryptocurrency trading platforms over the past week.

This attack on domain registrar allowed fraudsters to take over control of cryptocurrency service sites such as NiceHash and Liquid, exposing personal information of users.

GoDaddy confirmed to Krebs that the scam led to a small number of customer domain names being modified earlier this month after a ‘limited number’ of GoDaddy employees fell for a social engineering scam.

How hackers tricked staff

The company spokesperson declined to specify how its employees were tricked into making the unauthorized changes. However, Krebs suggested that it could be a voice phishing or vishing attack where fraudsters succeeded by calling GoDaddy employees and convincing them to use their employee credentials at a fraudulent GoDaddy login page.

Often, hackers pose as IT department employees and claim to help troubleshoot issues with the company’s email or virtual private networking (VPN). Their target is to get credentials over the phone or input them manually at a website created by hackers that resembles the organisation’s actual website or VPN portal.


According to Mike Kayamori, CEO of Liquid, on November 13, GoDaddy incorrectly transferred control of an account and domain to a malicious actor.

“This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts,” Kayamori said in a blog post.

“In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage,”

While Liquid contained the attack and reasserted control of the domain, it said that hackers were able to obtain personal information such as email, name, address and encrypted password.

Besides, NiceHash said the domain was not reachable due to technical issues with domain registrar, GoDaddy that led to unauthorized access to the domain settings, and the DNS records for the domain were changed.

NiceHash domain’s all systems are fully operational and no emails, passwords, or any personal data were accessed.

This is not the first instance when GoDaddy has been targeted by hackers. In March, a similar voice phishing attack allowed attackers to take over control of at least a half-dozen domain names and in May, GoDaddy revealed that 28000 customers’ web hosting accounts were compromised after a security incident in October 2019.

This article is closed for comments.
Please Email the Editor

Printable version | Jan 18, 2021 6:20:30 AM |

Next Story