Namecheap Customers Flooded with Phishing Emails

Customers of a popular domain name registrar have been hit with a wave of unsolicited emails over the past day, after a suspected issue with a supplier.

Namecheap, which claims to have over 16 million domains under management, released a brief statement on Sunday to explain what happened.

“We have evidence that the upstream system we use for sending emails (third-party) is involved in the mailing of unsolicited emails to our clients. As a result, some unauthorized emails might have been received by you,” it said.

“We would like to assure you that Namecheap’s own systems were not breached, and your products, accounts, and personal information remain secure. Please ignore such emails and do not click on any links.”

Customers took to Twitter to post screenshots of some of the phishing emails they were sent. These included messages purporting to be know your customer (KYC) verification checks from cryptocurrency wallet firm MetaMask.

The firm was forced to issue a warning to customers via Twitter.

“MetaMask does not collect KYC info and will never email you about your account,” it said. “Do not enter your Secret Recovery Phrase on a website ever. If you got an email today from MetaMask or Namecheap or anyone else like this, ignore it and do not click its links.”

Another variation of the phishing messages sent to Namecheap customers appeared to use a DHL lure, claiming a package couldn’t be delivered and requesting the recipient pay a fee for redelivery.

If the phishing messages were indeed sent from a compromised Namecheap provider, they would have had a better chance of bypassing customers' anti-phishing filters.

Namecheap said yesterday it temporarily suspended all emails, including those delivering authentication codes delivery, verifying trusted devices and resetting passwords.

An update late on Sunday evening claimed the issue had been resolved.

“We are glad to let you know that the mail delivery has been restored, so you should receive emails from Namecheap as usual from now on,” the firm concluded.

“We continue to investigate the issue with the mailing of unsolicited emails. We will keep you updated on the matter.”

Editorial credit icon image: monticello /

What’s Hot on Infosecurity Magazine?