On Sunday, Feb. 12, 2023, the domain registrar Namecheap’s email account was compromised by hackers. Subsequently, a large number of individuals received phishing emails claiming to be from Metamask and DHL. These emails originated from the email platform Sendgrid, a service used by Namecheap for marketing correspondence.
Namecheap Confirms Email Account Compromise and Disables Sendgrid Services
Multiple reports indicate that Namecheap was breached on Sunday and hackers leveraged the company’s email account through the Sendgrid service. Namecheap CEO Richard Kirkendall confirmed the compromise and said the firm has disabled Sendgrid services. “To be clear, the issue was within a third-party provider that we use to send our newsletter,” Kirkendall tweeted. “None of our own systems or customer accounts were breached. I sent a follow-up email to all affected users. The domains linked in the original phishing emails were also disabled.”
According to users who investigated the sent emails, the links led to a phishing campaign attempting to steal private information from the user. For example, the Metamask email led to a fake website trying to get the user to enter their mnemonic recovery phrase. Metamask also tweeted about the Namecheap emails and told recipients to ignore the messages. “Metamask does not collect KYC information and will never email you about your account,” the company tweeted. The Web3 wallet firm added:
Do not enter your Secret Recovery Phrase on a website EVER. If you got an email today from Metamask or Namecheap or anyone else like this, ignore it & do not click its links!
Phishing attacks have been common in recent years, and hackers have used various methods to access people’s private information. According to reports, the DHL phishing email aims to provide the user with an invoice to get the user to enter payment information to resolve the fake issue. Once a user provides information like their mnemonic recovery phrase or other financial information, hackers can drain the funds from the account.
According to Beehive Cybersecurity, Namecheap’s team members took immediate action to resolve the issue. “We’d like to vouch that when we ourselves notified Namecheap of this, they acted promptly and treated it seriously,” Beehive Cybersecurity tweeted. “This is the A game of what we like to see from registrars.”
What measures could you take to protect yourself from phishing attacks like this one? Share your thoughts and strategies in the comments below.