According to KrebsOnSecurity, the cybercriminal was able to gain access to change Escrow’s domain settings by modifying the site’s DNS data to direct it to a third-party server. With that, the company’s homepage was replaced by an aggressive message, which was on the air for two hours. The text read as follows: “Thank you for all these years, but we decided to take the coup on all of you. F *** yourself. Send e-mail to support to get your money back ”. The purpose of the message was to encourage a large number of refund requests to Escrow. It is interesting to note that the criminal made the changes without breaking into GoDaddy’s systems. He used the spear phishing scam, in which victims are studied in depth and social engineering is used to add credibility. In this case, a man called the domain company, posing as an Escrow employee, and requested a DNS change. User data safely In a note, Escrow.com revealed that its customer data was not accessed during the incident and that none of its systems were compromised. Company CEO Matt Barrie said the error was related to GoDaddy. GoDaddy confirmed the problem and said that one of its employees was a victim of the social engineering scam, being tricked by the hacker. The company also said that five other customer accounts were “potentially” affected, but did not disclose which ones were. Finally, the domain registrar says it has blocked accounts impacted by the incident and is taking steps to prevent further attacks of this type.
