by NamecheapCEO on 2/13/2023, 12:39:35 AM
by cortic on 2/13/2023, 9:21:40 AM
NameCheap have been training their customers to be vulnerable to this for years. When your account gets suspended (in my case for using VPN to login) they send you an email telling you to go to a privately registered domain (not referenced on their site) and do a cam show with your credit card.. Support is so slow they have already shut down your account before you get a response. I lost a domain and only got a partial refund.. dreadful service, and expensive compared to alternatives.
by pier25 on 2/13/2023, 12:20:45 AM
by Scoundreller on 2/13/2023, 3:03:05 AM
Checked my emails, didn't find anything, but looking through gmail spam box, I got a DHL one:
Subject: Your parcel was not able to be delivered
Sender: contact <hello@namecheap.com>
> Dear Client,
> We regret to inform you that your parcel was not able to be delivered on the specified date, xx/02/2023. The parcel is currently located in the DHL warehouse near your town.
> The reason for the delay was that the sender did not pay the necessary fees for the delivery. To avoid the parcel being returned, we ask that you pay the fee of 6.xx USD. You can track your parcel and pay the fee by clicking the tracking button.
> Track and Pay >> > DETAILS
> Order number: xxxxxxxxxxxx
> Total: (x.xx USD)
> Delivery is planned between: xx.02.2023 - xx.02.2023
> Once the fee is paid, we will be able to deliver the parcel . We apologize for any inconvenience caused and thank you for your understanding. Sincerely,
> The DHL Team
Link URL is: https://links.namecheap.com/u/click?_t=[long tracking info redacted]
Tried following the link in TOR and on a virtual machine, both get just a 2 word "Unauthorized Access", but it redirects to: hxxps://accomplish-delivery . mysafebridge . info/WorldwideDelivery0/auth/dhl/index.php?utm_source=Iterable_Marketing&utm_medium=email&utm_campaign=MKTG_CRM_Welcome_Hosting_D5_WF_20221118
Slightly modified it to make it non-clickable
by Something1234 on 2/13/2023, 12:25:59 AM
Just received a bunch of cryptocurrency phising spam from their domain. Definitely pretty interesting, and they were actually fairly well done with a proper link text, but an incorrect link.
by foverzar on 2/13/2023, 2:27:22 PM
Fuck NameCheap. I have no sympathy towards them after they decided to kill the service for my account, just because I happened to be born in Russia, without even refunding.
Ironically, after all that high morals grandstanding, they are still sending me notification emails "reminding to prolong a yearly subscription". Like, WTF.
by ianbutler on 2/13/2023, 3:07:33 AM
I got one of these earlier. I found it highly suspicious that the sender was "Namecheap".
I'll admit my first thought was a cheeky way to validate my ICANN info but I quickly waved that away and figured it was phishing.
by 878654Tom on 2/13/2023, 8:48:40 AM
Jup, got one as well. That the fee was in USD immediately triggered my mental spam alert (living in Europe). But when checking the headers I could not find any indication this was a spoofed message. That the link was also first a valid link to namecheap made it also harder.
I was still very paranoid so I opened it in a non-Javascript, private browser but it seems that my DNS with anti-spam filters already picked it up as the destination was not being resolved.
by splittydev on 2/13/2023, 12:21:34 AM
Seems like the hackers also had access to at least some customer data. Several people I know who were also Namecheap clients, including me, received those emails. Whether that data was also stored with the upstream provider remains to be seen. Might be an even bigger deal.
by FpUser on 2/13/2023, 2:45:41 AM
Got one today. Funny I was actually expecting a package. Of course the email is for suckers as it has more than enough clues about being scam but I guess some poor souls might actually fall for it.
by ChrisMarshallNY on 2/13/2023, 10:05:47 AM
I’m pretty sure that either NameCheap or Rackspace was hacked fairly badly, sometime in the not-so-distant past.
How do I know this?
Attempted fraud on a business card that is only used for those two places.
by antifa on 2/14/2023, 4:49:19 AM
It wasn't the first crypto/NFT email I've gotten from namecheap, I just assumed it was real and they were getting shadier.
by LAC-Tech on 2/13/2023, 12:30:09 AM
God damn it, my main business email account is namecheap. I am so sick of them, they let so much spam in to my inboxes as well.
If I have a domain from namecheap, and an email address with that domain, can I transfer it to something solid like outlook or gmail? My idea of how email works is really fuzzy.
by dvngnt_ on 2/13/2023, 1:37:29 AM
yeah I got the same email sent to two different accounts.
it was pretty obvious though lol
by codazoda on 2/13/2023, 12:29:17 AM
I wonder who the upstream is? I’m guessing a large email provider. Maybe owned by a company with a history of recent breaches.
by toomuchtodo on 2/13/2023, 12:38:21 AM
by walrus01 on 2/13/2023, 12:09:27 AM
some more details here: https://mailman.nanog.org/pipermail/nanog/2023-February/2216...
To be clear, the issue was with a 3rd party provider that we use to send our newsletter. None of our own systems or customer accounts where breached. I sent a follow up email to all users that were affected. The domains linked in the original phishing emails were also disabled. I apologize for this issue and to anyone it may have affected. We have also taken immediate steps to insure it will not happen again.