Namecheap email system hacked to send phishing emails

A domain name registrar known for its low prices, Namecheap has its mail system hacked. Some users found that they received a phishing email from Fortunately, the DHL phishing email pretends to be a bill for a delivery fee required to complete the delivery of a package, rather than a Namecheap domain name registration, renewal, or account password change.

So at least the user’s domain name is safe, but if you, unfortunately, pay the so-called courier fee or provide the bank card information in the DHL express, it is recommended to contact the bank immediately to freeze the card.

Image: lemogbenga

Twitter user @Lemogbenga who first discovered this problem got a response from @Namecheap on Twitter, and the investigation found that the Namecheap system itself is no problem.

There is a problem with the third-party mail system used by Namecheap. Namecheap itself does not send these emails. The provider that provides mail delivery for Namecheap is pushing emails using the domain to users for unknown reasons.

However, it is still unclear whether it is hacked or simply a problem with the mail system. Namecheap is still contacting the mail provider to troubleshoot the problem. At the same time, based on security considerations, Namecheap stopped sending email verification codes, trusted device verification confirmations, and password reset emails to prevent phishing emails from stealing users’ sensitive data.
We have evidence that the upstream system we use for sending emails (third-party) is involved in the mailing of unsolicited emails to our clients. As a result, some unauthorized emails might have been received by you. We would like to assure you that Namecheap’s own systems were not breached, and your products, accounts, and personal information remain secure,” the company wrote.
According to the instructions posted on the Namecheap blog, the current mail system should have recovered and can receive mail again. Namecheap is still investigating the previous issue and will update the information soon.