Namecheap Customers Receive Phishing Emails

An envelope on a fishing hook lays against an orange background.
Image made by Safe, Not Scammed using Canva.

Last week, Namecheap’s official email accounts were used to send phishing emails to the domain registrar’s customers.

One such message asked recipients to pay a fee so DHL could deliver their parcel. Another instructed recipients to submit personal information to stop their MetaMask accounts from being closed.

Fortunately, sharp-eyed users noticed something amiss when they saw the messages came from Namecheap, rather than DHL or MetaMask, and took to social media to raise the alarm. However, other users fell for the scam, losing thousands of dollars in the process.

Namecheap responds

Namecheap CEO Richard Kirkendall responded to a tweet by security researcher Troy Hunt, stating “the issue was within a 3rd party provider” Namecheap used for its newsletter. Kirkendall added, “None of our own systems or customer accounts where [sic] breached.”

To be clear, the issue was within a 3rd party provider that we use to send our newsletter. None of our own systems or customer accounts where breached. I sent a follow up email to all users that were affected. The domains linked in the original phishing emails were also disabled.
Namecheap CEO responds to Troy Hunt. Source: NamecheapCEO.

Namecheap also posted an announcement about the incident on their status page, vaguely titled “Email Gateway Issue.” It confirmed “the upstream system we use for sending emails (third party) is involved in the mailing of unsolicited emails to our clients.”

The announcement again emphasized “Namecheap’s own systems were not breached, and your products, accounts, and personal information remain secure.”

A man holds up a stop sign with an envelope snared with a fishing hook in the center.
Image made by Safe, Not Scammed using Canva.

To figure out what was going on, and to stop even more phishing emails from being sent, Namecheap suspended all of its email deliveries for a portion of time on Sunday. Although email deliveries were later restored, Namecheap provided very little additional information about what was happening.

Instead, the domain registrar said they would “continue to investigate the issue with the mailing of unsolicited emails” and promised to “keep you updated on the matter.” As of the time of writing, however, there have been no further updates.

Namecheap’s email provider denies breach

BleepingComputer reported SendGrid was the third-party provider handling Namecheap’s emails. However, Twilio, who owns SendGrid, told BleepingComputer “This situation is not the result of a hack or compromise of Twilio’s network.”

Exactly how attackers were able to send phishing emails from Namecheap’s accounts thus remains unclear. 

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *