[BreachExchange] GoDaddy suffers embarrassing phishing attack

Destry Winant destry at riskbasedsecurity.com
Tue Apr 7 10:40:36 EDT 2020


GoDaddy has suffered an embarrassing phishing attack that affected one
of its most high-profile customers.

A customer service agent at the web hosting giant was targeted by a
spear-phishing attack which enabled hackers to gain access to the
account of escrow.com, according to security site KrebsOnSecurity.

Escrow.com is one of the US's leading brokering websites, enabling
thousands of customers to make secure transactions online. However, the
hackers were able to change its homepage to a profanity-laden message.

Phishing attack

Hackers were able to change escrow.com's DNS records to redirect to a
third-party web server based in Malaysia, one identified by
KrebsOnSecurity as hosting phishing scams.

Matt Barrie, the CEO of freelancer.com, which owns escrow.com,
confirmed that none of its systems were compromised, and no customer
data, funds or domains were breached or accessed.

Barrie told KrebsOnSecurity that no-one in his business had been
affected, with the breach instead coming from their GoDaddy

The web hosting site confirmed that an employee had fallen victim to
a spear-phishing attack, and that a "thorough audit" had revealed five
other customer accounts could also potentially be affected.

“Our team investigated and found an internal employee account
triggered the change,” a GoDaddy statement given to KrebsOnSecurity

“We immediately locked down the impacted accounts involved in this
incident to prevent further changes. Any actions done by the threat
actor have been reverted and the impacted customers have been
notified. The employee involved in this incident fell victim to a
spear-phishing or social engineering attack. We have taken steps
across our technology, processes and employee education, to help
prevent these types of attacks in the future.”

Anyone fearing such attacks is urged to boost their security by
implementing measures such as two-factor authentication and strong
passwords managed with password manager tools.