Over the past few months, fraudsters have redirected email and web traffic to cryptocurrency trading sites. According to KrebsOnSecurity, scams targeted the employees of GoDaddy for facilitating the attacks. The staff of the world’s largest domain name registry was tricked into passing control of targeted domains to fraudsters. The phishing scam took control of over five domain names, such as escrow.com, a famous transaction brokering website.
A month later, GoDaddy announced that 28,000 web hosting accounts of their clients were hacked after a security breach. The latest attack started on November 13, 2020; targeting one of the cryptocurrency trading platforms, liquid.com. As Liquid CEO, Mike Kayamori states, this allowed the malicious attacker to change DNS records of the domain, take control of several internal email accounts, and proceed directly to their document storage.
Liquid.com, however, was not the only cryptocurrency trading platform targeted by hackers. Cryptocurrency mining service NiceHash reported an unauthorized change of its domain registration records at GoDaddy. The company froze its consumer funds until the domain settings had been changed to their original ones. The founder of NiceHash noted that the changes were made from an internet address at GoDaddy. The malicious actor attempted to perform password resets on various services, but, fortunately, was not able to access any emails or private information of the company.
GoDaddy spokesperson Dan Race responded to the concerns of its customers, admitting that a “limited” number of GoDaddy employees fell prey to the phishing attack. He stated that they were able to lock down the accounts immediately after the threat was revealed, changed the settings, and helped their customers to regain access to their accounts. To the question of how their employees were tricked to make such unauthorized changes, the spokesperson explained that the hackers succeeded in getting the required information by convincing GoDaddy employees to use their credentials on the phishing website; servicenow-godaddy.com.
After these attacks, GoDaddy is educating its employees about the new type of aggressive attacks against its customers and adopts new security measures to prevent future troubles. The company recently tricked its employees by sending them an email promising a holiday bonus of $650 to the ones who fill out the form with their location and personal information. More than 500 employees failed the test by clicking the email and writing their personal data. The next day, they received an email about their failure and an invitation to undergo cybersecurity training.
Change Your Passwords (Advice From Webmaster)
Do it as soon as possible, that’s my advice for corporations that have a large number of employees. You want to make sure all your employees have secure passwords if they have access to databases and important files.
Password security has to be taught more often in companies because there are a lot of people who are doing a poor job of keeping their passwords safe, imagine how many people have access to a company through many devices?
To keep a database and server secure, you have to make sure the passwords are hard to break, on top of that, employees should be advised to not click on any link that they see, links can contain malware which can affect a whole network!
My name is Greg and I have 15 years of experience in creating and managing websites. I have 6+ million views collectively on social media platforms like Quora, Facebook, LinkedIn, and Instagram. Contact me to get your website optimized for search engines.