Dynadot

warning Concerning e-mail from NameCheap

Spaceship Spaceship
Watch
Impact
3,872
I've just received a weird e-mail from NameCheap (attached below). It was sent from [email protected] (IP 149.72.141.59 - passed SPF, DKIM, DMARC) to the mail address I'm using with NameCheap, using my name&surname, and the links in the mail are under links.namecheap.com. If it's not a breach I don't know what it is...

1676236912872.png
 
Last edited:
25
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
Last edited:
2
•••
1
•••
14
•••
7
•••
Last edited:
11
•••
I received the same from two suspicious emails @namecheap !!


1676241115424.png



1676241308274.png

1676241364891.png



1676241196120.png



.
 
Last edited:
1
•••
Statement from Namecheap:

https://www.namecheap.com/status-updates/archives/74848

The most important part:

"your products and account details are not affected by this issue."
This is kind of a big deal.

Dear Customers,

We have evidence that the upstream system we use for sending emails is involved. We have stopped all the emails and contacted our upstream provider to resolve the issue.


As a result, some unauthorized emails might have been received by you.

Please ignore such emails and do not click on any links. We are currently investigating the situation.

Once we have any news from the responsible team, this post will be updated right away.

Please rest assured that your products and account details are not affected by this issue.

We apologize for any inconvenience during this issue and thank you in advance for your patience and understanding.
 
5
•••
This is kind of a big deal.

Dear Customers,

We have evidence that the upstream system we use for sending emails is involved. We have stopped all the emails and contacted our upstream provider to resolve the issue.

As a result, some unauthorized emails might have been received by you.


Please ignore such emails and do not click on any links. We are currently investigating the situation.

Once we have any news from the responsible team, this post will be updated right away.

Please rest assured that your products and account details are not affected by this issue.

We apologize for any inconvenience during this issue and thank you in advance for your patience and understanding.

Yes, that part is important but at least we know that Namecheap itself hasn't been hacked.
 
3
•••
Last edited:
5
•••
I received those same emails too. But didn't click. So, I headed to Namepros right away to check any updates about this.

So the email service was only that got hacked.

Regardless, I'm still moving my domains out of Namecheap. :xf.grin:
 
Last edited:
1
•••
This is kind of a big deal.
Yes, if they have been hacked, and now emails are being sent, that is a big deal.

So Namecheap is indicating that it is an upstream provider security issue?

Perhaps they should also check for potential hacking involving their recurrent Fast Transfer authorizations showing up unexpectedly. This has been a recurrent problem recently for me, including at present. Since it involves domains also showing up unexpectedly at GoDaddy auctions and Afternic, there is certainly a security concern here.

Not a good day for Namecheap. Hopefully they are able to quickly rectify both situations.
 
0
•••
2
•••
I hope no one became the victim of this phising email. I am almost click it, but I realized my Metamask is using my other email. I had a valuable NFT given by my boss there, it is bought by a sum of money, so it makes me panicked. And after check it the email is from namecheap 😃..

IMG_20230213_070626.jpg
 
0
•••
2
•••
Others got email from [email protected] and I got from [email protected]. Namecheap should investigate their new employee, just make sure no one from internal doing something bad. It seems sent by 2 different emails from Namecheap
 
0
•••
2
•••

That's a pretty damning headline -

NameCheap's email hacked to send Metamask, DHL phishing emails​


This is not something that can just be dismissed as no big deal.

People can actually lose assets because of this.

Sure, you should not be clicking on random links in email for things like MetaMask, but at the same time when the emails are actually coming from NameCheap...that is a big deal.

Brad
 
Last edited:
3
•••
2
•••
Last edited:
4
•••
Thanks to @pb for starting this thread on NamePros.
 
12
•••
Got them here in PH . They did look suspicious from the start . They just got deleted .
 
0
•••
Yes, thanks for the alert by starting this thread, @pb I did not personally get either email, so they must not have gone to all NC customers.

Namecheap now have an update that service has been restored (they had stopped any emails including auth codes).

I hope we will learn more from Namecheap after investigation is complete.

-Bob
 
4
•••
These third parties can be a nasty attack vector with major consequences for domain owners. For example, last year I explicitly requested a registrar to a) no longer include all individual authorization codes for all domains when requesting the domain portfolio (this could not be turned off, the auth codes were always included), b) arrange downloading of the portfolio through the trusted, TLS secured website of the registrar instead of emailing unsecured CSVs with all auth codes through the external third party mail service, and c) more often use direct URL links to the registrar's website in email communications, for example when it comes to opt-ins for Afternic .
 
Last edited:
7
•••
Last edited:
2
•••
Last edited:
6
•••
Back