GoDaddy has suffered an embarrassing phishing attack that affected one of its most high-profile customers.
A customer service agent at the web hosting giant was targeted by a spear-phishing attack which enabled hackers to gain access to the account of escrow.com, according to security site KrebsOnSecurity.
Escrow.com is one of the US’ leading brokering websites, enabling thousands of customers to make secure transactions online, however the hackers were able to change its homepage to a profanity-laden message.
Hackers were able to change escrow.com’s DNS records to redirect to a third-party web server based in Malaysia, one identified by KrebsOnSecurity as hosting phishing scams.
Matt Barrie, the CEO of freelancer.com, which owns escrow.com, confirmed that none of its systems were compromised, and no customer data, funds or domains were breached or accessed.
Barrie told KrebsOnSecurity that no-one in his business had been affected, with the breach instead coming from their GoDaddy representative.
The web hosting site confirmed that an employee had fallen victims to a spear-phishing attack, and that a “thorough audit” had revealed five other customer accounts could also potentially be affected.
“Our team investigated and found an internal employee account triggered the change,” a GoDaddy statement given to KrebsOnSecurity said.
“We immediately locked down the impacted accounts involved in this incident to prevent further changes. Any actions done by the threat actor have been reverted and the impacted customers have been notified. The employee involved in this incident fell victim to a spear-phishing or social engineering attack. We have taken steps across our technology, processes and employee education, to help prevent these types of attacks in the future.”
Anyone fearing such attacks is urged to boost their security through implementing systems such as two-factor authentication, and strong passwords governed by password manager tools.