Namecheap users should remain cautious, as hackers are using its inbox to scam users through phishing emails designed to appear as if they were sent from DHL or MetaMask cryptocurrency hot wallet.
For your information, Namecheap is a popular domain name registrar with more than 15 million domains issued thus far.
According to the company, the incident may have occurred due to a supplier-related issue. Namecheap released its official statement regarding the hack on Sunday, confirming that its upstream system was abused to send out malicious emails.
This means a third party is involved in “mailing unsolicited emails to our clients.” “As a result, some unauthorized emails might have been received by you,” the statement read.
The DHL emails inform the recipient that they need to pay a delivery fee for receiving their parcel, whereas the MetaMask email urges the recipient to complete the Know-Your-Customer (KYC) process. The email then warns victims that if the due process is not completed, they may lose access to their wallets.
MetaMask took to Twitter to ensure that it doesn’t collect KYC information and would never send an email to get details of its users’ accounts. Hence, the company suggested that users shouldn’t enter the Secret Recovery Phrase on any website server and ignore any emails from Namecheap or MetaMask.
Namecheap assured its customers that its internal systems weren’t breached and that their personal information and account-related data were secure. However, the company has urged customers to avoid clicking on any links.
The company stated that it has temporarily suspended all emails. This includes emails delivering authentication codes, password resetting, and verifying trusted devices.
“We are glad to let you know that the mail delivery has been restored, so you should receive emails from Namecheap as usual from now on,” Namecheap CEO, Richard Kirkendall, confirmed. However, the CEO didn’t name the upstream system that was compromised.
Speculation is rife that it could be SendGrid’s email delivery service. However, it is worth noting that the third party has denied being compromised. Twilio, which owns SendGrid and got hacked last year, said that the incident isn’t a result of a compromise of the Twilio network, but they are investigating it and will provide additional details over time.