  • Domain registrar Namecheap's email hacked to send DHL, Metamask phishing emails

    Karlston

    • 515 views
    • 3 minutes

    The email account of domain registrar Namecheap was hacked Sunday night, allowing cybercriminals to send phishing emails that aimed to steal recipients' personal information and cryptocurrency wallets.

     

    According to a report by BleepingComputer, the phishing campaign originated from SendGrid, an email platform that Namecheap uses to send marketing emails and renewal notices. The phishing emails pretended to come from logistics provider DHL and cryptocurrency wallet Metamask.

     


     

    The DHL emails claim that a parcel delivery was unsuccessful because the sender failed to pay the necessary delivery fee. To proceed with the delivery, the email says, the recipient has to pay the fee themselves. However, clicking the "Track and Pay" button leads the user to a fake DHL page that aims to steal their sensitive information.

     

    Meanwhile, the Metamask email says that the recipient's account has been suspended and they need to complete a Know Your Customer (KYC) verification process to reactivate it. "By completing KYC verification, you will be able to securely store, withdraw, and transfer funds without any interruptions. It also helps us to protect you against financial fraud and other security threats," the email stated.

     

    The email also contains a marketing link from Namecheap that redirects the user to a fake MetaMask page asking the user to enter their Secret Recovery Phrase or private key. Providing either of these enables threat actors to import the Metamask wallet to their own devices and drain all of its funds and assets.

     

    After some recipients of the phishing emails started complaining, Namecheap CEO Richard Kirkendall confirmed that their email account was indeed hacked. The company also published a statement on its website:

     

    Dear Customers,

     

    We have evidence that the upstream system we use for sending emails (third-party) is involved in the mailing of unsolicited emails to our clients. As a result, some unauthorized emails might have been received by you.

     

    We would like to assure you that Namecheap’s own systems were not breached, and your products, accounts, and personal information remain secure.

     

    Please ignore such emails and do not click on any links.

     

    We have stopped all the emails (that includes Auth codes delivery, Trusted Devices’ verification, and Password Reset emails, etc.) and contacted our upstream provider to resolve the issue. At the same time, we are also investigating the issue from our side.

     

    We apologize for any inconvenience during this issue and thank you in advance for your patience and understanding.

     

    Once we have any news from the responsible team, this post will be updated right away.

     

    ___________________

     

    Kind regards,

     

    Namecheap Support Team

     

    In a later update, Namecheap announced that its mail delivery system had been restored and that it would continue investigating the issue.

     

    One effective way to protect yourself from phishing attacks is to think twice before opening links and attachments in unsolicited emails. Also, always check the URL of the website you're visiting. For example, if the domain shown in the address bar is not dhl.com or metamask.io (or a subdomain of one of them), the site could be fraudulent. Finally, always use strong passwords and enable multifactor authentication to make it more difficult for threat actors to infiltrate your online accounts.
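
The URL check described above, as an added example that is not part of the original article: it compares the hostname a browser would actually connect to against the two domains the article names, and goes slightly further by flagging links that only mention the brand. The function names and the sample links (on the reserved .example TLD) are constructed for illustration.

```python
from urllib.parse import urlsplit

# Domains named in the article; the brand is the first label ("dhl", "metamask").
EXPECTED_DOMAINS = ("dhl.com", "metamask.io")


def link_host(url):
    """Return the hostname a browser would actually connect to, or None."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # drops any "user@" prefix and the port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    return host.rstrip(".").lower()


def belongs_to(host, domain):
    """True only for the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def classify(url, expected=EXPECTED_DOMAINS):
    """Label a link as 'expected', 'lookalike', 'other' or 'not_http'."""
    host = link_host(url)
    if host is None:
        return "not_http"
    if any(belongs_to(host, d) for d in expected):
        return "expected"
    # The brand appears somewhere in the URL, but the host is not the brand's.
    if any(d.split(".")[0] in url.lower() for d in expected):
        return "lookalike"
    return "other"  # e.g. a mailing-platform redirector; destination unknown


if __name__ == "__main__":
    # Constructed sample links, not taken from the actual campaign.
    samples = [
        "https://www.dhl.com/track",
        "https://dhl.com.parcel-fee.example/pay",
        "https://metamask.io@wallet-kyc.example/verify",
        "https://metamask-io.example/restore",
        "https://links.mailer.example/c?id=123",
    ]
    for s in samples:
        print(f"{classify(s):10} {s}")
```

A "lookalike" or "other" result is a prompt to inspect the link, not proof of fraud; a brand's legitimate regional domains would have to be added to `EXPECTED_DOMAINS`.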

     

    Source: BleepingComputer, Namecheap | DHL email image via Kathy Zant (Twitter)

     

     
