Hackers have managed to use Namecheap’s inbox to send out phishing emails to the company’s customers.
Namecheap users have flocked to Twitter to warn of the scams, which impersonate either DHL, or the cryptocurrency hot wallet, MetaMask. The DHL emails claimed the victims need to pay a delivery fee to receive a parcel, while the MetaMask email urged victims to complete the KYC (Know Your Customer) process or lose access to their wallets.
The company blamed a third party for the incident, but that third party denied being compromised.
Blaming the email delivery service
Both emails carried a link that redirected the victims to a landing page designed to steal sensitive information.
Soon after, Namecheap CEO, Richard Kirkendall confirmed the compromise of the company’s email, saying the company had disabled sends through SendGrid while its investigation is ongoing. Sendgrid is an email delivery service that Namecheap usually uses to send renewal notices and newsletters.
Later, Kirkendall blamed an “upstream system” for the incident, saying that Namecheap itself was not compromised.
"We have evidence that the upstream system we use for sending emails (third-party) is involved in the mailing of unsolicited emails to our clients. As a result, some unauthorized emails might have been received by you," the company said. "We would like to assure you that Namecheap’s own systems were not breached, and your products, accounts, and personal information remain secure."
Kirkendall did not name that upstream system, which prompted some sources to assume he was referring to SendGrid. However, the email delivery service said it wasn’t them, causing further confusion.
“This situation is not the result of a hack or compromise of Twilio’s network,” said Twilio SendGrid. “We are still investigating the situation and have no additional information to provide at this time.”
- Check out the best firewalls
Via: BleepingComputer
