- Namecheap, the domain name registrar, and web hosting company, had its e-mail service compromised and sent hundreds of scam e-mails to customers under the name of DHL and MetaMask.
- The API credentials for Namecheap’s e-mail platform SendGrid were exposed in December of last year. This attack is thought to be a continuation of that.
- After Namecheap’s email provider SendGrid was compromised, hundreds of subscribers received fake emails purporting to be from DHL and MetaMask.
Namecheap, a domain name registrar and web hosting firm, had its email server hijacked and sent hundreds of fraudulent emails to clients under the guises of DHL and MetaMask. Namecheap’s e-mail platform SendGrid had its API keys leaked around December last year. It is suspected that this attack is a continuation of that. Namecheap support team shared an update about the issue.
Scam e-mails impersonating companies
After Namecheap’s e-mail platform SendGrid was hacked, hundreds of users were sent scam e-mails appearing to be legitimate e-mails from DHL and MetaMask. The DHL e-mails pretended to be the mail delivery service by letting the user know their package could not arrive due to unpaid fees while the MetaMask scam e-mails warned the users about the suspension of their wallets lest they enter their Secret Recovery Phrase. Once both these legitimate-looking scam websites obtained the user information, hackers could use them as if it was their own.
Namecheap addresses the issue
Namecheap support team released a statement addressing the issue in which they confirmed the e-mail scam to be true. They added:
« Please ignore such emails and do not click on any links. We have stopped all the emails (that includes Auth codes delivery, Trusted Devices’ verification, and Password Reset emails, etc.) and contacted our upstream provider to resolve the issue. »
Namecheap also added an update to their statement 2 hours later by saying that the mail delivery was restored and that they will continue to investigate the issue with the mailing of unsolicited emails.