
NameCheap's Email Hacked To Send Metamask, DHL Phishing Emails (bleepingcomputer.com)

An anonymous reader quotes a report from BleepingComputer: Domain registrar Namecheap had their email account breached Sunday night, causing a flood of MetaMask and DHL phishing emails that attempted to steal recipients' personal information and cryptocurrency wallets. The phishing campaigns started around 4:30 PM ET and originated from SendGrid, an email platform used historically by Namecheap to send renewal notices and marketing emails. After recipients began complaining on Twitter, Namecheap CEO Richard Kirkendall confirmed that the account was compromised and that they disabled email through SendGrid while they investigated the issue.

Namecheap published a statement Sunday night stating that their systems were not breached but rather it was an issue at an upstream system that they use for email. "We have evidence that the upstream system we use for sending emails (third-party) is involved in the mailing of unsolicited emails to our clients. As a result, some unauthorized emails might have been received by you," reads a statement issued by Namecheap. "We would like to assure you that Namecheap's own systems were not breached, and your products, accounts, and personal information remain secure." After the phishing incident, Namecheap says they stopped all emails, including two-factor authentication code delivery, trusted devices' verification, and password reset emails, and began investigating the attack with their upstream provider. Services were restored later that night at 7:08 PM EST.

While Namecheap did not state the name of this upstream system, the CEO of Namecheap previously tweeted that they were using SendGrid, which is also confirmed in the phishing emails' mail headers. However, Twilio SendGrid told BleepingComputer that Namecheap's incident was not the result of a hack or compromise of the email service provider's systems, adding more confusion as to what happened: "Twilio SendGrid takes fraud and abuse very seriously and invests heavily in technology and people focused on combating fraudulent and illegal communications. We are aware of the situation regarding the use of our platform to launch phishing email and our fraud, compliance and cyber security teams are engaged in the matter. This situation is not the result of a hack or compromise of Twilio's network. We encourage all end users and entities to take a multi-pronged approach to combat phishing attacks, deploying security precautions such as two factor authentication, IP access management, and using domain-based messaging. We are still investigating the situation and have no additional information to provide at this time."
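Twilio's statement above recommends domain-based messaging controls (SPF/DMARC) and IP access management; the added example below is my own illustration, not code from Namecheap, SendGrid or BleepingComputer, and it uses constructed DNS records for a hypothetical domain example.com that delegates bulk mail to a hypothetical provider esp.example. It shows why mail relayed through the provider's authorised range passes SPF whether or not the provider account credentials were stolen, while a direct spoof from an unlisted host fails, and it expands the record into the full list of networks allowed to send as the domain, which is the inventory a defender reviews after an upstream-sender incident.

```python
import ipaddress

# Constructed DNS TXT records (not real ones): example.com authorises one of its
# own hosts plus everything the hypothetical ESP esp.example authorises.
DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.25 include:esp.example -all",
    "esp.example": "v=spf1 ip4:203.0.113.0/24 -all",
}


def spf_check(sender_ip, domain, depth=0):
    """Minimal SPF evaluator: returns 'pass', 'fail', 'softfail', 'neutral' or 'none'.

    Only the ip4/ip6, include and all mechanisms are handled, which is enough to
    show the point: SPF only asks whether the connecting host is on an authorised
    path; it cannot tell a legitimate ESP login from a stolen one.
    """
    if depth > 10:  # RFC 7208 caps lookups; also guards against include loops
        return "permerror"
    record = DNS_TXT.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        result = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}[qualifier]
        if term == "all":
            return result
        mech, _, arg = term.partition(":")
        # An IPv6 address is never inside an IPv4 network and vice versa.
        if mech in ("ip4", "ip6") and ip in ipaddress.ip_network(arg, strict=False):
            return result
        if mech == "include" and spf_check(sender_ip, arg, depth + 1) == "pass":
            return result
    return "neutral"  # no mechanism matched and no explicit "all" term


def authorised_networks(domain, depth=0):
    """Expand a domain's SPF record into every network allowed to send as it."""
    nets = []
    record = DNS_TXT.get(domain, "")
    if depth > 10 or not record.startswith("v=spf1"):
        return nets
    for term in record.split()[1:]:
        mech, _, arg = term.lstrip("+").partition(":")
        if mech in ("ip4", "ip6"):
            nets.append(str(ipaddress.ip_network(arg, strict=False)))
        elif mech == "include":
            nets.extend(authorised_networks(arg, depth + 1))
    return nets
```

A message from 203.0.113.10 (inside the ESP's range) passes regardless of who holds the ESP credentials, so detecting abuse of that path has to come from account controls and sending-anomaly monitoring rather than from SPF alone.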

  • This is not the first time an online vendor has blamed the upstream email provider 'Sendgrid' for the same type of breach. So why haven't Sendgrid been reporting that they have been breached multiple times recently if this is the platform that is being breached? Cointracker.io recently sent a similar announcement to users and while they were also cagey around it being Sendgrid, the haveibeenpwned website https://haveibeenpwned.com/Pwn... [haveibeenpwned.com] clarified that this was related to Sendgrid.
    • Because a poorly administered email server can fall victim to various forms of spoofing, in which case the attackers don't need to actually breach, compromise, or otherwise gain access in order to send email.
    • Seems to me Digital Ocean has tried to funnel me over to SendGrid because... most of Digital Ocean has been blacklisted. A lot of spam originates from DO, so on private email servers, I'm blocking huge lists of addresses originating from DO, MS, and other cloud providers. Big Fruit and the other fellers, Google, Microsoft, Amazon, etc., are all sources of spam too, so there are very few "reputable" places left to originate email from... SendGrid would for sure have "rotating" exit IP addresses from ot
      • I actually don't see that much spam from US name-brand clouds. I mostly see spam from Gmail, Hotmail, Salesforce and overseas no-name hosting.
        • We used to get plenty of malicious traffic from Digital Ocean, but instead of spam it is carding attempts on our ecommerce websites. Solution? Block their ASN, and just about every other hosting provider from accessing our websites.

          Occasionally this causes a hiccup for a service that our marketing department wanted to use. I tell them to find someone else. We aren't budging. Digital Ocean and OVH (not US-based but still) never replied to any abuse reports so that is that.
          • Just to add a bit of context... *My servers* on DO could not send email to a lot of destinations, Outlook, Gmail, iCloud in particular, because OTHERS have blacklisted DO..... so I have to relay customer mail thru mail.baby... DO suggested using SendGrid... But typically, they want to sign you up for 10/month, 20/month, etc., if you want to send 100,000 or 1 million emails a month. I don't. All my customers together send <1000 emails/month (not a lot of customers :-) .... so mail.baby is for my use case,
  • by QuietLagoon (813062) on Monday February 13, 2023 @11:13PM (#63291071)
    ... stating that their systems were not breached but rather it was an issue at an upstream system that they use for email.

    Good, that's a great first step. Now let's talk about Namecheap's apparent lack of due diligence for the vendors it uses. Where did that aspect fail? How will Namecheap rectify this issue with their vendor?

    • It sounds like a weak SMTP password that was guessed, brute forced, or stolen, and insufficient other protections. Probably the onus is on Namecheap to not use weak passwords and/or use better security to stop their account being abused. But to some extent SendGrid should require stronger security too. But if it was stolen or phished credentials then... better monitoring for anomalies?
  • Ya git what you pay for.