Today, September 3, 2014, a new spoofed GoDaddy phishing spam started showing up in people’s inboxes. “Your account contains too many directories”, it tells you (for example, in our sample the subject is “Status Alert: Your account contains more than 9740 directories”).
As we always advise, whenever you receive email that appears to be from a service that you use, always – ALWAYS – log in directly at the service provider’s website, and never – NEVER – click on the link in the email. If the notice really is from your provider, that same information will show up in your account when you log in.
Here is a sample of the spam; hopefully you are reading this before it catches you.
From: GoDaddy
Subject: Status Alert: Your account contains more than 9740 directories.
Date: September 3, 2014 at 12:53:35 PM MDT
Dear Valued GoDaddy Customer.
Your account contains more than 463 directories and may pose a potential performance risk to the server.
Please reduce the number of directories for your account to prevent possible account deactivation.
In order to prevent your account from being locked out we recommend that you create special tmp directory.
Or use the link below:
Sincerely,
GoDaddy technical support.
But, of course, that purported GoDaddy URL really goes to a malicious site:
– – – – – – – – – – – – – – – – – – – – – – – – –
Copyright (C) 1999-2014 GoDaddy.com, LLC. All rights reserved.
The Internet Patrol is completely free, and we don't subject you to ads or annoying video pop-ups. But it does cost us out of our pocket to keep the site going (going on 20 years now!) So your tips via CashApp, Venmo, or Paypal are appreciated!
Receipts will come from ISIPP.
Thank you very much
JustHost accounts are getting this now as well. Thanks for the heads up.
Your account contains more than 7297 directories and may pose a potential performance risk to the server.
Please reduce the number of directories for your account to prevent possible account deactivation.
In order to prevent your account from being locked out we recommend that you create special temp directory.
Or use the link below:
[link obfuscated]
We are sincerely sorry for any inconvenience.
JustHost Customer Support.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Copyright (c) 1999-2015 JustHost.com, LLC. All rights reserved.
Just got this email today and unfortunately logged in. On the phone with BlueHost now to try and rectify the account/reset the password.
If it wasn’t for your article here (and Google-searching the email text itself to try and find out what’s up with the “too many directories” problem), I wouldn’t have known about this being a phish (didn’t look at my URL bar). The awful thing about this email is that if you host a lot of WordPress sites, hearing you have over 8,000 directories is actually believable and could be considered a problem on certain hosting accounts.
Thank you so much for sharing. Hopefully catching the phish immediately will prevent damage to our hosted sites.
I just got one today, supposedly from Bluehost. Subject “Account Notice : Error ? 5658”. Same text as above. Included my name in the body of the email.
Thanks for posting this thread – I found it before clicking the link.
Yeah, so got one for Bluehost now too.
Exact same wording and the real URL goes to some Russian site.
Email subject was “Error No 1799”
Well, I got the same mail and I unfortunately clicked it, and I was about to enter my account details, but in the address bar I noticed a different address, and thank God I did notice, and I closed that page directly. Now I am confused whether that page got some of my info: credit card info or cookies or passwords.
Any help, please?
I just got one of these emails saying status alert code 4115. Don't click on the link, anybody. I'm glad I rang GoDaddy when I got this email, because this email looks legit, which is scary, but as I only have domains with them and not hosting I thought this email doesn't make sense. Glad I rang them. Thanks for putting this article out; hope it stops people from clicking the fake link.
Aaaah, thanks.
It's good that I noticed the URL and checked the email content on Google.
Otherwise, I would be their victim :)
Thanks for sharing this information.
@Emitt The email mentioned my name too…
They almost got me to click the link, but they said valued customer instead of my name. So I went to GoDaddy and signed in. NO ALERT, then I googled this to verify it is a phishing scam.
Thanks Anne. This email scared the crap out of me. I was also confused because I bought my domain only a week ago and have yet to even start a website. The email was very clever, but I will heed your advice in the future. Experience gained for next time.