How To Spot A Malicious Email

Today I get an email that looks like it came from GoDaddy except for a few things that don’t look right…
Email Headers are not correct, this was obviously a shitty job as the malicious user tried to make the email look like it was coming from godaddy but was actually coming from a compromised wordpress install on Hostgator.

From: Godaddy <>
Message-Id: <>

The Email:

Dear Customer MIGUEL VALLEJO. Confirm Your Identify.

An unknown user was trying to login your GoDaddy account with an incorrect password on Sunday 15 March , 2015 1:05 GMT, and with an unknown DNS IP Location:
(China) ip=, as a result of that we partially blocked your GoDaddy accounts due to major security protocols.

Kindly visit our GoDaddy account Re-Activation Center Click here :

We are sincerely sorry for any inconvenience.
GoDaddy Customer Support.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Copyright (c) 1999-2015, LLC. All rights reserved.


Except for the fact that there is no administrative contact info, phone, business address in the signature it looks somewhat legit. Now Lets look at body of the email specifically at the url and where the link points to…

So this is obviously a malicious email, a targeted one because the user had to go through some effort to put this type of attack together. Sadly this is someone trying to dupe you into coughing up your password or in my case a sad attempt at doing so.
It’s a good idea to go over some security logs after events like this as it could be a sign of someone already in your network and trying to escalate their access.
In my case it was just some noob who though he was dealing with a end user, my response… <^>-_-.

Published by


I’m a bilingual Network Engineer. I have over 20 Years of Professional experience in Computer Science & Information Technology. I currently own and operate Web Semantics ( in Vancouver, Washington. I provide bilingual (English & Spanish) enterprise-level IT support to small and medium-sized businesses across the West Coast. *** Soy un ingeniero de redes bilingüe. Tengo más de 20 años de experiencia profesional en ciencias de la computación y tecnología de la información. Actualmente poseo y opero Web Semantics ( en Vancouver, Washington. Proporciono soporte de IT/Informática bilingüe (inglés y español) a nivel empresarial a pequeñas y medianas empresas en toda la costa oeste.

Leave a Reply