
Namecheap’s email was pwned

Namecheap, a popular domain registrar, had its email-sending account compromised on Sunday night, and the account was then used to send a surge of phishing emails impersonating MetaMask and DHL. The emails went out through SendGrid, the email platform Namecheap has used to send renewal notices and marketing emails, so they arrived from the same infrastructure as Namecheap's legitimate mail.

Recipients of the phishing emails reported them on Twitter, and Namecheap's CEO, Richard Kirkendall, confirmed that the account had been compromised. The company temporarily disabled sending through SendGrid while the issue was investigated.

The phishing emails were designed to steal personal information and drain cryptocurrency wallets. The DHL lure posed as an invoice for a delivery fee, while the MetaMask lure claimed that KYC (Know Your Customer) verification was required to keep the wallet from being suspended. Both emails contained links that redirected recipients to a phishing page, where the threat actors asked for sensitive information such as the wallet's recovery phrase or private key. Whoever holds a wallet's recovery phrase controls every asset in it, so handing it over is equivalent to handing over the funds.

Namecheap issued a statement saying that its own systems had not been breached and that the issue lay with an upstream system used for sending email. The statement did not name the upstream system, but the CEO tweeted that it was SendGrid. Twilio, which owns SendGrid, stated that the incident was not the result of a hack or compromise of its systems. Neither statement explains how the sending account was used; between them, the SendGrid account itself and whatever credential authorized sending through it are left as the unexplained point.

Namecheap temporarily stopped all outbound email, including delivery of two-factor authentication codes, trusted-device verification emails, and password reset emails, while it investigated the attack with its upstream provider. Services were restored later that night.

If you received a phishing email that appears to come from Namecheap, delete it and do not click any of its links. Because the messages went out through the provider Namecheap uses for legitimate mail, the usual sender checks on the From address are not a reliable signal here; look at where the links actually point instead. More generally, a multi-pronged approach to phishing is recommended, including two-factor authentication on sending accounts and IP access management (restricting which addresses can use an account to send mail).
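Since the phishing emails above look legitimate at the envelope level, the signal worth checking is the link target. The following is an added example (not Namecheap's, SendGrid's, or the article author's code) of a small triage script: it parses a constructed .eml in the style of the MetaMask KYC lure, extracts every link from the HTML body, and flags links whose host is not on an allow-list for the brand the email claims to be from, as well as links whose visible text shows one domain while the href goes to another. The allow-list contents and hostnames such as metamask-kyc.example are assumptions for illustration, not addresses from the real campaign.

```python
"""Link triage for brand-impersonation phishing (added example).

Not code from Namecheap, SendGrid or the article. Parses a constructed
sample message, pulls the links out of the HTML body and reports any
that do not match the impersonated brand's assumed allow-list, or whose
visible text disagrees with the real target.
"""
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allow-lists for the two brands impersonated in the campaign.
BRAND_DOMAINS = {
    "metamask": {"metamask.io"},
    "dhl": {"dhl.com"},
}

# Matches visible link text that looks like a domain or URL (captures the host).
DOMAIN_LIKE = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:/\S*)?$", re.I)

# Constructed sample in the shape of the MetaMask KYC lure; the phishing
# host metamask-kyc.example is a placeholder, not a real campaign address.
SAMPLE_EML = """\
From: MetaMask <support@metamask.io>
To: victim@example.org
Subject: MetaMask KYC verification required
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Complete KYC verification within 24 hours or your wallet will be suspended.</p>
<p><a href="https://metamask-kyc.example/verify">https://metamask.io/verify</a></p>
<p><a href="https://metamask.io/security">Security tips</a></p>
</body></html>
"""


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_matches(host, allowed):
    """True if host equals an allowed domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def guess_brand(msg):
    """Pick the brand the email claims to be from, by Subject/From keywords."""
    hay = (str(msg.get("Subject", "")) + " " + str(msg.get("From", ""))).lower()
    for brand in BRAND_DOMAINS:
        if brand in hay:
            return brand
    return None


def triage(raw):
    """Return a list of (url, reason) findings for a raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    brand = guess_brand(msg)
    body = msg.get_body(preferencelist=("html", "plain"))
    parser = LinkExtractor()
    parser.feed(body.get_content() if body else "")
    findings = []
    for href, label in parser.links:
        parsed = urlparse(href)
        if parsed.scheme not in ("http", "https"):
            continue  # mailto:, tel: etc. are out of scope here
        host = parsed.hostname or ""
        if brand and not host_matches(host, BRAND_DOMAINS[brand]):
            findings.append((href, f"link host {host!r} is not a {brand} domain"))
        m = DOMAIN_LIKE.match(label)
        if m and m.group(1).lower() != host.lower():
            findings.append((href, f"visible text shows {m.group(1)!r} but link goes to {host!r}"))
    return findings


if __name__ == "__main__":
    for url, reason in triage(SAMPLE_EML):
        print(f"SUSPICIOUS {url}: {reason}")
```

On the sample, the KYC link is reported twice: once because its host is not a MetaMask domain, and once because the visible text claims metamask.io while the href goes elsewhere. The "Security tips" link, which really points at metamask.io, produces no finding. The script does not follow redirects, so a link that first lands on an allowed host and then bounces to the phishing page would need the final destination resolved separately.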