Friday, October 4, 2024

Namecheap Emails Hacked To Send Phishing Email


The email account of domain registrar Namecheap was compromised, which led to a flood of DHL and MetaMask phishing emails that sought to steal victims’ personal information and cryptocurrency wallets.

Reports say the phishing attacks began at 4:30 PM ET and came from SendGrid, a company that Namecheap has previously utilized to send renewal notices and promotional emails.

Following complaints from customers on Twitter, Namecheap CEO Richard Kirkendall acknowledged that the account had been compromised and blocked email through SendGrid while they looked into the situation.



The phishing emails received impersonate either MetaMask or DHL. The DHL phishing email poses as a bill for a delivery fee that must be paid to complete a package’s delivery.

It has been noticed that the embedded links take users to a phishing page that tries to steal their personal data.

The MetaMask phishing email, which purports to be a mandatory KYC (Know Your Customer) verification required to prevent the wallet from being suspended, was sent to BleepingComputer.

MetaMask phishing email from Namecheap

“We are writing to inform you that in order to continue using our wallet service, it is important to obtain KYC (Know Your Customer) verification. KYC verification helps us to ensure that we are providing our services to legitimate customers,” a phishing email from MetaMask reads.

“By completing KYC verification, you will be able to securely store, withdraw, and transfer funds without any interruptions. It also helps us to protect you against financial fraud and other security threats.”

“We urge you to complete KYC verification as soon as possible to avoid suspension of your wallet.”

A promotional link from Namecheap (https://links[.]namecheap.com/) in this email takes users to a phishing page impersonating MetaMask. Notably, the user is prompted to enter their “Private key” or “Secret Recovery Phrase” on this page.

MetaMask phishing page

Threat actors can import the wallet to their own devices and take all the funds and assets once a user gives either the recovery phrase or the private key.

Thus, if you received a Namecheap phishing email tonight purporting to be from DHL or MetaMask, delete it right away and do not click any links.

In a statement made on Sunday night, Namecheap claimed that there had not been a breach of their systems, but rather that there had been a problem with an email system they use upstream.

“We have evidence that the upstream system we use for sending emails (third-party) is involved in the mailing of unsolicited emails to our clients. As a result, some unauthorized emails might have been received by you,” Namecheap

“We would like to assure you that Namecheap’s own systems were not breached, and your products, accounts, and personal information remain secure.”

Namecheap claims to have stopped all emails, including those used to deliver two-factor authentication codes, verify trusted devices, and reset passwords, and has started an investigation into the attack with its upstream provider.

Reports say services were resumed at 7:08 PM EST later that evening. Namecheap’s statement did not name the upstream system, but the CEO had earlier tweeted that they were using SendGrid, which is also confirmed by the mail headers of the phishing emails.
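The mail headers referred to above are the kind of evidence a defender can check automatically. The following Python script is an added example, not code from the article, Namecheap or SendGrid: it triages a constructed message modelled on this campaign (relayed through SendGrid, sent from a namecheap.com address, authenticating cleanly, but carrying a MetaMask KYC lure that links through the registrar’s tracking domain) and flags the mismatch between the authenticated sender domain and the brand named in the lure. All header values, hostnames, IPs and tokens in the sample are constructed.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample modelled on the campaign; hostnames, IPs and tokens are
# made up (203.0.113.0/24 is a documentation range, not a real relay).
SAMPLE_EMAIL = """\
Received: from o1.sendgrid.net (o1.sendgrid.net [203.0.113.5]) by mx.example.org
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=sendgrid.net; dkim=pass header.d=namecheap.com
From: Namecheap <support@namecheap.com>
Subject: KYC verification required
Content-Type: text/plain; charset=utf-8

Your MetaMask wallet needs KYC verification to avoid suspension.
Complete it here: https://links.namecheap.com/track?u=abc123
"""
BRANDS = ("metamask", "dhl")  # brands the article says the lures impersonated

def relay_hosts(msg):
    # Hostnames named in Received headers, last hop first.
    hosts = []
    for rcvd in msg.get_all("Received", []):
        m = re.search(r"from\s+(\S+)", rcvd)
        if m:
            hosts.append(m.group(1).lower())
    return hosts

def link_hosts(text):
    # Distinct hostnames of http(s) URLs found in the body text.
    return sorted({urlparse(u).hostname for u in re.findall(r"https?://[^\s<>\"']+", text)})

def triage(raw):
    """Return triage facts for one raw RFC 5322 message (see SAMPLE_EMAIL)."""
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",)).get_content()
    text = (str(msg.get("Subject", "")) + "\n" + body).lower()
    sender = parseaddr(str(msg.get("From", "")))[1].rsplit("@", 1)[-1].lower()
    auth = str(msg.get("Authentication-Results", "")).lower()
    # A brand named in the lure that does not match the sending domain.
    brands = [b for b in BRANDS if b in text and b not in sender]
    result = {
        "sender_domain": sender,
        "via_sendgrid": any("sendgrid" in h for h in relay_hosts(msg)),
        "auth_pass": "spf=pass" in auth and "dkim=pass" in auth,
        "link_hosts": link_hosts(body),
        "impersonated_brands": brands,
    }
    # SPF/DKIM pass is expected here because the legitimate account sent the
    # mail; the signal is the brand mismatch, not an authentication failure.
    result["suspicious"] = bool(brands) and result["via_sendgrid"]
    return result
```

Run `triage(SAMPLE_EMAIL)` to see the flags; in a mail pipeline the same function would run over each delivered message before the tracking link is followed.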

Twilio Corp. said in a statement: “Twilio SendGrid takes fraud and abuse very seriously and invests heavily in technology and people focused on combating fraudulent and illegal communications. We are aware of the situation regarding the use of our platform to launch phishing emails and our fraud, compliance, and cyber security teams are engaged in the matter. This situation is not the result of a hack or compromise of Twilio’s network. We encourage all end users and entities to take a multi-pronged approach to combat phishing attacks, deploying security precautions such as two-factor authentication, IP access management, and using domain-based messaging. We are still investigating the situation and have no additional information to provide at this time.”


Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
