Hackers Breach Namecheap Email Account, Launch Aggressive Phishing Campaign

Namecheap, one of the world’s leading domain registrars, has been hit by a security incident that allowed perpetrators to launch an aggressive phishing campaign.

After breaching Namecheap’s email account Sunday night, hackers attempted to weaponize it by sending a flood of phishing emails impersonating DHL and MetaMask.

The malicious campaigns started around 4:30 PM ET aiming to steal sensitive information and crypto assets from customers of the services impersonated. Threat actors sent the rogue emails from SendGrid, an email platform often used by Namecheap for marketing and renewal notice emails.

Perpetrators disguised the DHL phishing email as a seemingly innocuous delivery fee bill; victims were asked to pay the bill by accessing a link so that the company could complete the delivery. As BleepingComputer reported, embedded links led victims to a phishing page where the attackers tried to steal their data.

The MetaMask rogue email claimed to be a Know-Your-Customer (KYC) verification, urging the recipients to address it to prevent suspension of their wallets. Clicking the embedded link led victims to a phishing page where hackers tried to harvest their wallets’ secret recovery phrases and private keys.

Crypto wallet secret recovery phrases and private keys are critical to securing assets. Attackers can use these security mechanisms to import wallets on their own devices and drain them completely.

In a Twitter thread, Namecheap said that it has “evidence that the upstream system we use for sending emails is involved in the mailing of unsolicited emails to our clients.”

“It was stopped immediately,” the company said. “We would like to assure you that Namecheap’s own systems were not breached and your products, accounts and personal information remain secure. We will update status post once the issue is solved.”

Namecheap also warned customers to be wary of any suspicious emails or messages that may have originated from compromised accounts.

All customers are strongly advised to watch out for signs of a phishing scam, such as unexpected, suspicious emails, unknown senders, links that don't look right, and other abnormal behavior.

“We have stopped all the emails (that includes Auth codes delivery, Trusted Devices’ verification, and Password Reset emails, etc.) and contacted our upstream provider to resolve the issue,” reads Namecheap’s announcement. “At the same time, we are also investigating the issue from our side.”

Specialized software like Bitdefender Ultimate Security can help you fend off phishing attempts and other cyberthreats with its extensive feature library, including:

• Anti-phishing module that detects and blocks websites disguised as legitimate ones to steal your data or assets
• Antispam technology that keeps your inbox clean by filtering irrelevant or potentially dangerous messages in your local email clients (Thunderbird, Microsoft Outlook)
• Web filtering module that prevents you from landing on harmful websites and blocks known infected links
• Anti-fraud technology that alerts you whenever you visit potentially scam websites