Comments
I can confirm too. I also received a fake (phishing) "DHL package delivery" notice by email from NameCheap. In the email header (recipient) they used my full and real name.
Later I received an official email from NameCheap about the incident.
Scam email: https://imgur.com/a/AazDnSY
NameCheap email: https://imgur.com/a/eSNkDix
Sounds like their newsletter / mailing list at Sendgrid got compromised? Or did the whole of Sendgrid get compromised?
So many different phishing messages from NameCheap, but no message about Viagra. It's good to know we are a very healthy community.
By the looks of those e-mails (and lack of e-mail here, I am unsubscribed ;')) I would assume newsletter/mailing - those e-mails even have NameCheap branding, footers, all the fancy links - someone most likely re-using defined $template and only inserting their phishing shit as body of template?
From HN:
NamecheapCEO 3 hours ago:
To be clear, the issue was with a 3rd party provider that we use to send our newsletter. None of our own systems or customer accounts were breached. I sent a follow up email to all users that were affected. The domains linked in the original phishing emails were also disabled. I apologize for this issue and to anyone it may have affected. We have also taken immediate steps to ensure it will not happen again.
Who orders stuff via DHL from Namecheap?? That type of email goes to my trash without blinking!
It sounds like Viagra is not in trend in 2023 😂😂😂 DHL and crypto are more popular.
The majority of email marketing companies do support 2FA, so it sounds like at Namecheap they used a very weak password, or there is an issue with security as the admins are unaware how to secure it, so if this is the case, good luck to all customers who host with them!
Namecheap really had their great days. I really can’t recommend them. As they asked for pictures of my CC from the front and back I quit them and moved all domains away. Yes it was the first time I was using the new CC and not PayPal, but that was too much.
I got the (2) metamask phishing emails only.. 2023-02-12 created 16:21 & 16:53
Nothing from NC until just a couple minutes ago when I sent the phishing emails to abuse -- so they apparently do not know who was hit with these in reality..
RE:
"To be clear, the issue was with a 3rd party provider that we use to send our newsletter. None of our own systems or customer accounts were breached. I sent a follow up email to all users that were affected. The domains linked in the original phishing emails were also disabled. I apologize for this issue and to anyone it may have affected. We have also taken immediate steps to ensure it will not happen again."
..and FWIW, I don't have any relationship with metamask nor KYC -- first time I've even heard of those two actually. lol
Sendgrid supports 2FA, so no excuse for NameCheap, just lack of administration:
https://docs.sendgrid.com/ui/account-and-settings/two-factor-authentication
SpamGrid is famous for their dogshit security track record. Purchasing and managing domains at NameCheap is safe and effective.
The hacker probably got a cookie; most hacks these days are from stealers that dump all the cookies from browsers so the hackers don't need to have a password or 2FA for access. It's been happening a lot to YouTubers.
John Hammond in a writeup on malware he was sent:
Oh those cybercriminals
One thing that would help is if websites would offer a setting that allows users to require authentication for every session.
I am seeing more websites with a "login" that is not really an enforced login. You click on the login button but it bypasses authentication and brings you straight to the good stuff because of the cookies in your browser. If you want to ensure true authentication each and every time, you must explicitly (and manually) click the "Sign Out" or "Log Off" button or link whenever you are done with the session.
A little follow up - the e-mail database has been used in another attack and likely been resold.
There was another phishing campaign around February 19th using the crowdskout.com domain. That was a week after Namecheap's announcement. Namecheap claimed to have sent a follow up email to all users that were affected. That is untrue since I have not received a follow up e-mail from Namecheap despite receiving the spam. I believe Namecheap cannot figure out the entire extent of the hack and all the affected e-mails.
that sucks.
a lot of incompetence it seems.
o6.mailservice.namecheap.com
dkim=pass header.i=@namecheap.com header.s=s1 header.b=ytMrl752;
dkim=pass header.i=@sendgrid.info header.s=smtpapi header.b=XrHz1Vsu;
spf=pass (google.com: domain of bounces+4793763-5b0a-replaced=gmail.com@mailserviceemailout1.namecheap.com designates 167.89.64.95 as permitted sender
AS11377 167.89.64.0/19 SendGrid, Inc.
Their main problem is lack of transparency. They have SendGrid integrated across their systems, not just the marketing emails. Up until recently at least, all their transactional emails were coming from SendGrid (you can check any email you got from them). It is safe to assume that their SendGrid account wasn't actually bruteforced but rather someone got the credentials from a breach. We can also assume that if someone got the credentials for SendGrid, they probably also got access to their code or databases or other stuff.
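Added example, not part of any post in this thread: a short Python check of the authentication results quoted above, showing why mail sent through the compromised sending account still evaluates as a DMARC pass for namecheap.com. The From: domain and the simplified relaxed-alignment rule (no Public Suffix List lookup) are assumptions.

```python
import re

# Authentication results as quoted in the thread (the spf clause is truncated there too).
AUTH_RESULTS = """\
dkim=pass header.i=@namecheap.com header.s=s1 header.b=ytMrl752;
dkim=pass header.i=@sendgrid.info header.s=smtpapi header.b=XrHz1Vsu;
spf=pass (google.com: domain of bounces+4793763-5b0a-replaced=gmail.com@mailserviceemailout1.namecheap.com designates 167.89.64.95 as permitted sender
"""
# Assumption: the visible From: address used namecheap.com (the thread only
# says the mails carried NameCheap branding).
ASSUMED_FROM_DOMAIN = "namecheap.com"


def parse_results(text):
    """Return [(method, result, authenticated_domain)] for each dkim/spf clause."""
    out = []
    for clause in text.splitlines():
        m = re.match(r"\s*(dkim|spf)=(\w+)", clause)
        if not m:
            continue
        method, result = m.groups()
        if method == "dkim":
            d = re.search(r"header\.i=\S*@([\w.-]+)", clause)  # signing identity
        else:
            d = re.search(r"domain of (?:\S*@)?([\w.-]+)", clause)  # envelope sender
        out.append((method, result, d.group(1).lower() if d else None))
    return out


def aligned(auth_domain, from_domain):
    """Relaxed alignment, simplified: from_domain is treated as the
    organizational domain instead of consulting the Public Suffix List."""
    return auth_domain == from_domain or auth_domain.endswith("." + from_domain)


def dmarc_verdict(text, from_domain):
    """DMARC passes if any passing dkim or spf result is aligned with From:."""
    hits = [(m, d) for m, r, d in parse_results(text)
            if r == "pass" and d and aligned(d, from_domain)]
    return ("pass" if hits else "fail"), hits


if __name__ == "__main__":
    verdict, hits = dmarc_verdict(AUTH_RESULTS, ASSUMED_FROM_DOMAIN)
    print("DMARC:", verdict)
    for method, domain in hits:
        print(f"  aligned {method} pass via {domain}")
```

Because the provider signs with the customer's own DKIM selector and sends from the customer's SPF-authorized range, receivers have no authentication signal to separate these messages from legitimate ones; detection has to rely on content and link reputation.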