Friday, March 29, 2024

Namecheap Emails Hacked To Send Phishing Email

The email account of domain registrar Namecheap was compromised which led to a flood of DHL and MetaMask phishing emails that sought to steal the victims’ personal information and cryptocurrency wallets.

Reports say the phishing attacks began at 4:30 PM ET and came from SendGrid, a company that Namecheap has previously utilized to send renewal notices and promotional emails.

Following complaints from customers on Twitter, Namecheap CEO Richard Kirkendall acknowledged that the account had been compromised and blocked email through SendGrid while they looked into the situation.

Namecheap Emails Hacked To Send Phishing Email

The phishing emails received appear as either MetaMask or DHL. The DHL phishing email poses as a bill for a delivery fee necessary to finish a package’s delivery. 

It is been noticed that the embedded links take users to a phishing page that tries to steal their personal data.

The MetaMask phishing email, which purports to be a necessary KYC (Know Your Customer) verification to avoid the wallet from being suspended, was sent to BleepingComputer.

MetaMask phishing email from Namecheap
MetaMask phishing email from Namecheap

“We are writing to inform you that in order to continue using our wallet service, it is important to obtain KYC (Know Your Customer) verification. KYC verification helps us to ensure that we are providing our services to legitimate customers,” a phishing email from MetaMask reads.

“By completing KYC verification, you will be able to securely store, withdraw, and transfer funds without any interruptions. It also helps us to protect you against financial fraud and other security threats.”

“We urge you to complete KYC verification as soon as possible to avoid suspension of your wallet.”

A promotional link from Namecheap (https://links[.]namecheap.com/) in this email takes users to a phishing page impersonating MetaMask. Notably, the user is prompted to enter their “Private key” or “Secret Recovery Phrase” on this page.

https://www.bleepstatic.com/images/news/security/phishing/n/namecheap/metamask-phishing-page.jpg
MetaMask phishing page

Threat actors can import the wallet to their own devices and take all the funds and assets once a user gives either the recovery phrase or the private key.

Thus, if you received a Namecheap phishing email tonight that purports to be from DHL or MetaMask, delete it right away and avoid clicking any links. 

In a statement made on Sunday night, Namecheap claimed that there had not been a breach of their systems, but rather that there had been a problem with an email system they use upstream.

“We have evidence that the upstream system we use for sending emails (third-party) is involved in the mailing of unsolicited emails to our clients. As a result, some unauthorized emails might have been received by you,” Namecheap

“We would like to assure you that Namecheap’s own systems were not breached, and your products, accounts, and personal information remain secure.”

Namecheap claims to have stopped all emails, including those used to provide two-factor authentication codes, verify trusted devices, and reset passwords and has started an investigation into the attack with their upstream provider. 

Reports say at 7:08 PM EST later that evening, services were resumed. The CEO of Namecheap earlier tweeted that they were utilizing SendGrid, which is also confirmed in the mail headers of the phishing emails. Namecheap did not specify the name of this upstream system, but the CEO did mention that it was SendGrid.

“Twilio SendGrid takes fraud and abuse very seriously and invests heavily in technology and people focused on combating fraudulent and illegal communications. We are aware of the situation regarding the use of our platform to launch phishing emails and our fraud, compliance, and cyber security teams are engaged in the matter. This situation is not the result of a hack or compromise of Twilio’s network. We encourage all end users and entities to take a multi-pronged approach to combat phishing attacks, deploying security precautions such as two-factor authentication, IP access management, and using domain-based messaging. We are still investigating the situation and have no additional information to provide at this time.” According to Twilio Corp.

Network Security Checklist – Download Free E-Book

Website

Latest articles

IT and security Leaders Feel Ill-Equipped to Handle Emerging Threats: New Survey

A comprehensive survey conducted by Keeper Security, in partnership with TrendCandy Research, has shed...

How to Analyse .NET Malware? – Reverse Engineering Snake Keylogger

Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse...

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles