---
title: "Things You Need to Learn From The Latest GoDaddy Phishing Attack | Phish Protection"
description: "Things You Need to Learn From The Latest GoDaddy Phishing Attack: As the world transforms into a more digitally connected environment, the risks have also."
image: "https://phishprotection.com/og/blog/learn-from-latest-godaddy-phishing-attack.png"
canonical: "https://phishprotection.com/blog/learn-from-latest-godaddy-phishing-attack/"
---


![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2021/12/phishing-protection-7496.jpg) 

As the world transforms into a more digitally connected environment, the risks have multiplied as well. New York-based _domain and web hosting service provider GoDaddy discovered an enormous security breach on November 17 this year_, which affected almost **1.2 million accounts**. The incident occurred when the [attacker accessed the GoDaddy](https://www.pcmag.com/news/godaddy-hacked-12m-customers-at-risk-of-phishing-attack) network through a compromised password on September 6, 2021. The incident report filed with the Securities and Exchange Commission (SEC) states that the organization had observed and identified “suspicious activity” in the hosting environment that managed WordPress. The IT Security team took immediate action, but by that time the malicious actor had had almost two months to establish a firm presence. _GoDaddy stated that anybody currently using WordPress should assume they are compromised unless proven otherwise_.

### Phishing Statistics To Reflect On

The world of [phishing](/content/phishing-prevention/what-is-phishing/) has seen a dramatic rise over the years.

![Phishing protection](https://media.mailhop.org/phishprotection/images/2021/12/phishing-protection-7496.jpg) 

The above graph illustrates the number of brands and legitimate entities targeted by **phishing attacks** from January 2009 to March 2021. As the world becomes more tech-reliant and transactions and communications become more accessible, malicious attempts to disrupt and intrude into information networks and databases have also increased.

### The Modus Operandi of the Phishing Attack on GoDaddy

> “Zero-day phishing URLs have an average lifespan of just 12 hours before they’re added to blocklists. During that window, traditional signature-based filters are blind. Our real-time behavioral analysis catches these threats by pattern, not by signature - which is how we detect attacks that no database has seen yet.” - **Adam Lundrigan**, CTO, DuoCircle

As stated in the report filed with the Securities and Exchange Commission (SEC) and mentioned previously, _the illegal access was gained through a compromised password_, after which the attacker established a strong presence in the GoDaddy Hosting Environment. This enabled the third party to obtain the WordPress Admin passwords and the sFTP database username and password of active customers. A few of the active customers had their [SSL private keys](https://www.theverge.com/platform/amp/2021/11/22/22796729/godaddy-email-addresses-passwords-security-breach-managed-wordpress-ssl-keys) exposed too. The **total of 1.2 million** accounts was a mix of active and inactive customers. Along with the information mentioned above, email addresses and customer telephone numbers were also exposed.

### The Aftermath

The Chief Information Security Officer (CISO), Mr. Demetrius Comes, stated that they [discovered the breach](https://www.pcmag.com/news/godaddy-hacked-12m-customers-at-risk-of-phishing-attack) much later, though the response was immediate. They are currently investigating the entire matter with the help of an IT Forensics firm and Law Enforcement. _GoDaddy has also gone ahead and reset all the passwords of the accounts that were affected_. It has also issued a warning of future **phishing attacks**, and users are advised to take standard precautions like installing or updating **anti-malware** and email [phishing protection](/) software.

### Earlier Examples of Phishing Attacks on GoDaddy/WordPress

The above is not the only **phishing incident** targeting GoDaddy. A similar incident occurred last year, whereby _fraudsters redirected email and web traffic destined for several [cryptocurrency](/blog/crypto-phishing-scams-gaining-momentum-with-more-coins-in-the-market/) trading platforms for a whole week_. The entire exercise was directed towards GoDaddy employees. It was discovered in April 2020, though the first attempts were made way back in October 2019. _The scam allowed the intruders to get control over more than half a dozen websites of repute_, including escrow.com. They were also able to read the internal notes that GoDaddy employees had left on customer accounts.

In March 2020, there was another widespread [voice-phishing](/blog/understanding-phishing-types-phishing/) (vishing) attack on GoDaddy wherein the perpetrators tricked the employees over the phone to transfer ownership of domains to fraudulent accounts. _The main aim of the malicious actors has been to gain illegal access to cryptocurrency domains and change the settings_.

A [2020 Phishing and Fraud Report](https://www.f5.com/labs/articles/threat-intelligence/2020-phishing-and-fraud-report) stated that “_**almost 10%** of all phishing incidents involved victims being sent to malicious pages built using WordPress_”. The report also pointed out a steady increase over the years. The [Wordfence WordPress Threat Intelligence Report for 2020](https://www.wordfence.com/blog/2021/01/the-wordfence-2020-wordpress-threat-report/) stated that _it blocked almost **90 billion malicious log-in** attempts from **over 57 million** unique IP addresses_.

![Current Phishing Statistics Insights](https://media.mailhop.org/phishprotection/images/2021/12/Current-Phishing-Statistics-Insights.jpg) 

### Ways to Counter Phishing and What Should Organizations Do to Mitigate The Menace?

Countering **phishing attempts** needs to be a multi-pronged effort. Along with implementing robust [anti-phishing solutions](/) and other safeguards, adequate awareness by every individual is also essential, as elaborated below.

#### Email Security

If you know how to [stop phishing](/resources/stop-phishing-before-it-infiltrates-organization/) emails, you will be able to control a great deal of phishing, as _a common channel used by malicious actors for phishing is the ubiquitous email_. Electronic mail has become the favorite mode of communication in recent times, and even though it is easy and fast, it is vulnerable. Organizations will have to invest in the best [phishing protection](/) available in the market to build resistance to **phishing emails** and keep their data and information safe. There are myriad options available, and a little bit of research is required to understand the organization’s needs. Anti-malware and [anti-ransomware solutions](/products/malware-and-ransomware-protection/) should top the list of must-haves.

#### Round-the-clock Vigil

Advancements in technology have transformed most daily human activities. The flip side, however, is the constant war being waged by threat actors to enter the sanctum sanctorum of organizations and access data that would otherwise be unavailable to them. Stopping them falls to the **IT Security teams** of those organizations, which must remain vigilant at all times. Though some systems and tools act as force multipliers, individuals must also stay alert throughout. _Constantly monitoring the network and keeping an eye on the internet traffic is essential to counter any **phishing attempt** or illegal entry_.
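One way to put this monitoring advice into practice against the kind of malicious WordPress log-in attempts cited earlier, as an added example that is not code from the original article, GoDaddy or Wordfence: a small detector that reads web server access logs and flags repeated failed log-ins per source address, and separately flags a successful log-in that follows such a burst. The log lines, threshold and time window are constructed assumptions, and the code relies on WordPress's default behaviour of answering a failed `wp-login.php` POST with HTTP 200 and a successful one with a 302 redirect.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in "combined" access-log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Dec/2021:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "ua"
203.0.113.7 - - [01/Dec/2021:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "ua"
203.0.113.7 - - [01/Dec/2021:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "ua"
203.0.113.7 - - [01/Dec/2021:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "ua"
203.0.113.7 - - [01/Dec/2021:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "ua"
203.0.113.7 - - [01/Dec/2021:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "ua"
198.51.100.20 - - [01/Dec/2021:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "ua"
198.51.100.20 - - [01/Dec/2021:10:01:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "ua"
192.0.2.5 - - [01/Dec/2021:10:02:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4321 "-" "ua"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def parse(line):
    """Return (ip, timestamp, method, path, status) or None for unparseable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"].split("?")[0], int(m["status"])

def detect(log_text, threshold=5, window=timedelta(minutes=5)):
    """Flag per-IP bursts of failed log-ins and successes that follow a burst.

    threshold and window are illustrative defaults, not recommended values.
    """
    failures = defaultdict(deque)   # ip -> timestamps of recent failed log-ins
    flagged, alerts = set(), []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ip, ts, method, path, status = rec
        if method != "POST" or path != "/wp-login.php":
            continue                # only credential submissions matter here
        q = failures[ip]
        while q and ts - q[0] > window:
            q.popleft()             # drop failures that fell out of the window
        if status == 200:           # default WordPress: failed log-in re-renders the form
            q.append(ts)
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("brute_force", ip, ts.isoformat()))
        elif status == 302 and len(q) >= threshold:
            # A redirect right after a burst suggests a guessed or stolen password.
            alerts.append(("success_after_failures", ip, ts.isoformat()))
            q.clear()
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

A `success_after_failures` alert is the one to triage first, since it indicates that a password may now be in an attacker's hands; sites that use a security plugin or a custom log-in page may return different status codes and need the two checks adjusted.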

#### Awareness & Adequate Training

Finally, the most robust defense of any organization is also its weakest: people. Employees must undergo rigorous [awareness training](/products/phishing-awareness-training/) through **phishing email examples** and methodologies like those employed by malicious actors to penetrate vulnerable systems and firewalls. They will also have to be trained in identifying [phishing attempts](/blog/latest-tech-support-scams-involving-phishing-attacks/). With the world of phishing diversifying into many forms, the training must be up to date and suited for the present and apparent threats.

### Final Words

_The GoDaddy saga is an urgent reminder of the constant threats emanating from the virtual world_. The hosting and domain giant does have a robust **online security system** to create firewalls. However, malicious actors are always hunting for vulnerabilities and on the lookout for their next phishing victim, and all they would need is to be lucky once. The virtual world is also an ever-changing entity with constant transitions of technologies. Amidst such a cauldron of activity, vigil must be heightened to the maximum extent.


[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

