We talk about “red flags” as suspicious oddities in an email, text, advertisement or post that raise questions about the authenticity of the content and/or sender. Sometimes we are able to dodge Internet hand grenades because of our ability to spot red flags and thereby avoid clicking a malicious link or downloading an attachment containing malware. This next email is a perfect example of a communication that contains several very important red flags of varying severity! It was sent to us by a TDS reader who is both the Safety Director at her company and the person who registered the company domain with GoDaddy.com. We’ll call her Marie. Marie asked us for our opinion on whether this email was legitimate and our reply was “absolutely not!” We spotted eight red flags (of varying degrees of concern) that raised the hair on the back of our collective necks enough to advise Marie NOT to click the “Account Verification” link.
We know that many of our readers are savvy enough to spot these red flags! So how good are you? Look over this email very carefully to see how many red flags you spot that lead you to believe this email is not what it appears to be. Our red flag list is below.
Here is our list of red flags. If you see others that we have not included, please let us know by email: firstname.lastname@example.org!
- The email says it came from “GoDaddy,” but the actual email address that follows is a person’s name at a German media company that offers a free webmail service. Their domain is “t-online.de.” In other words, this email didn’t come from the domain godaddy.com or any domain owned by them.
- The layout of this email is very unprofessionally crafted. Several empty gray boxes, varying text sizes, and the space between “Verification” and the exclamation mark are examples of what we mean.
- The grammar and punctuation in the first paragraph are awful and awkward. We believe that the person who crafted this email does not speak English as his or her first language.
- The recipient is told that her account AND domain will be instantly suspended if she doesn’t log in to re-validate the account. Services simply do not send such demands to their clients.
- The footer contains the remark “*Expiration date is subject to change.” What expiration date? No expiration date is noted in the email. Expiration of what? (We checked the WHOIS record for this company’s domain and found that it doesn’t expire for months.)
- GoDaddy is an Internet Registrar, Name Server provider, domain reseller, and web-hosting service. Why would they put out a link to validate an account that points first to an email service at emailsrvr.com, a service provided by Rackspace.com?
- There is not a single place anywhere in this email that GoDaddy refers to the client by name or domain name. However, four times the email lists the recipient’s email address as the only way to identify the recipient. Wouldn’t GoDaddy know its clients’ domain name or the contact name of the person who registered that name?
- The email lists GoDaddy’s support number as 1-877-GoDaddy. This translates to the phone number 877-463-2339. We conducted a general Google search, as well as a site-specific search (site:godaddy.com 877-463-2339) for that phone number and it doesn’t show up as any phone number associated with GoDaddy at all!
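
Two of these red flags can be checked mechanically: the sender's domain not matching the name shown in the From line, and the verification link pointing somewhere other than the company's own domain. The Python sketch below is an added example, not part of the original email analysis or any GoDaddy tooling; the sample message, its addresses and URL path, and the brand-to-domain table are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: display-name keyword -> domain that brand really mails from.
BRANDS = {"godaddy": "godaddy.com"}

# Constructed sample (not the real email): placeholder sender and URL path.
SAMPLE = """\
From: GoDaddy <firstname.lastname@t-online.de>
Subject: Account Verification !
Content-Type: text/html; charset="utf-8"

<html><body><p>Your account will be suspended.</p>
<a href="https://emailsrvr.com/placeholder-path">Account Verification</a></body></html>
"""

class LinkHosts(HTMLParser):
    """Collect the hostname of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        host = urlsplit(dict(attrs).get("href") or "").hostname
        if tag == "a" and host:
            self.hosts.append(host.lower())

def under(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)

def red_flags(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    parser = LinkHosts()
    for part in msg.walk():  # covers single-part and multipart messages
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            parser.feed(part.get_payload(decode=True).decode(charset, "replace"))
    flags = []
    for keyword, domain in BRANDS.items():
        if keyword in name.lower():  # message claims to be from this brand
            if not under(sender, domain):
                flags.append(f"From name {name!r} but sender domain is {sender}")
            flags += [f"link points to {h}, not {domain}"
                      for h in parser.hosts if not under(h, domain)]
    return flags
```
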
A critically important tool for evaluating the authenticity of an email is to use a WHOIS tool to look up registration information about a domain. There are many but we especially like the one at Domain Tools. Here’s an opportunity for you to use this tool to evaluate the authenticity of an email. Check out this email that appears to come from the website “We buy homes 4 cash.” However, the email came from, and links point back to the domain NewsNowToday[.]info. Visit the WHOIS tool at Domain Tools and enter that full domain name, WITHOUT brackets around the period, into the search field. This email was sent on October 22. Two important questions about authenticity are… When was that domain name registered? And where is it being hosted? What do you learn? (Answers below.)
When we looked up this News Now Today domain, we saw the following…. (It helps to look up 2-letter Internet country codes.)