Posted by Mr Spamalicious | Posted in Computer Virus Spam - Open the Attachment or Follow a Link to Get Infected by a Trojan, One Pill Makes You Larger Spam - Online Pharmacies, Pills, and Erectile Dysfuntion Cures | Posted on 06-21-2010
Wow, this ones slick. I have over a hundred domains with GoDaddy but even then the invoice was way too high since they are automatically renewed upon expiration. So I clicked on the link and wouldn’t you know it, after some weird redirect, it takes me to the infamous Canadian Pharmacy. Might be a virus involved as well. Not sure. So how do you know it’s fake without clicking on the links? View the header or source code of the email. You’ll see it’s not really from Godaddy. In my case it was from jobberseyy3@regalcandy.com
Dear clay@claytowne.com,
Thank you for ordering from GoDaddy.com! This email contains important information regarding your recent purchase — please save it for reference.
| CUSTOMER NUMBER: | 41328847 |
| LOGIN NAME: | 79899156 |
| RECEIPT NUMBER: | 74396877 |
| ORDER TOTAL: | $357.00 |
| CUSTOMER SERVICE: | (480) 505-8877 |
| QTY | ITEM | PRICE |
| 300 | .INFO Bulk Domain Name Registration (201-500) |
$357.00 |
|
|
||
| Subtotal: $357.00 | ||
| Shipping & Handling: $0.00 | ||
| Tax: $0.00 | ||
| Total: $357.00 |
| Important Information concerning your purchase: | ||
| Domain Registration | Product Info | Legal Agreement |
| Free Personal Email | Product Info | Legal Agreement |
| Free Hosting w/ Web Site Builder |
Product Info | |
| Quick Blogcast | Product Info | Legal Agreement |
| Starter Web Page or For Sale Page |
Product Info | |
Don’t load pictures automatically (privacy).
If you hover over the not yet loaded pictures it tells you where it would load the picture from. In this case it does not load them from godaddy but from “http://dextersss-com-ua.1gb.ua/zzx.htm”
Hovering over the links shows the same, btw.
Good tip and thanks for posting the URL. I’ve gotten a lot of extra traffic from people searching for that one.
Just got this same email…spoke to GoDaddy..your credit card will not be and was not charged ….its a fishing scam..a pretty good one though
I just received 4 of these today for the first time, as well. One of the best looking phishing emails I’ve seen in a long time! I called GoDaddy too & they’re now answering with an automated message warning of this email.
Yeah, definitely one of the better ones. Clever too. Almost no one would feel that invoice was correct because it’s so high. So naturally people will click on it to see what the problem is. If they would have used something along the lines of $9.95 I’m sure they’d get far fewer click throughs.
I got 3 of these today and at first glance I thought Godaddy made a mistake. After I hovered over the links I realized it was a scam.
$357. for a batch of .info’s, ridiculous!
Yep, i got 5 of these together today. Each with a different “customer number” (?) scared me momentarily as i’ve had dosh pinched before thanks to a virus/keylogger…
There is one for Amazon too! Just a heads up. User got 6 Amazon invoices (fake ones) and was about to go beserk! I told him it was spam, but watch your Amazon account.
got 5 of these today and one more Subject Confirmation with an html attachment (which I did not click on!)