Namecheap's email delivery system has been breached and is being used to send spam emails with the subject “your parcel was not able to be delivered”.
Namecheap DHL package delivery emails
On February 12, 2022, Namecheap's email sending system was breached. Customers started receiving unsolicited emails claiming that their DHL parcel was not delivered because of unpaid fees. At the end of the email body was a phishing link that, if clicked, led to a payment page designed to look like Namecheap. Some users have reported that they clicked on the link and made payments to a fake account.
Other users received an email saying that their MetaMask wallet was about to be suspended because of KYC verification. The email asked recipients to click a spam link that redirected to a page that harvests KYC details.
Namecheap has responded to the breach and indicated that their hosting system was not breached and that the issue only affected the emailing system.
It is rare to hear that an email system has been hacked. What mostly occurs is spoofing, where emails are sent by someone pretending to be a company or person. These days, spoofed emails are easily detected by email spam filters and marked as spam, so very few of them make it to your primary inbox. Namecheap’s incident, however, involved hacking the email system and sending spam emails from the real domain. This is difficult for spam filters to detect, which is why most of the fake DHL emails did not go to the spam folder. We suspect that Namecheap API keys for email delivery were compromised.
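To illustrate why sender checks alone miss mail sent from the real domain, here is an added example (not from the original article or from Namecheap) that triages a constructed message: the SPF, DKIM and DMARC verdicts all pass, so detection has to rely on content signals such as links leaving the sender's domain and an unrelated brand in the text. The domains, the sample message and the `triage` helper are assumptions made for illustration.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample: sent through the real sender's mail platform, so every
# sender-authentication check passes, yet the content is a parcel-fee lure.
SAMPLE = """\
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=registrar.example; dkim=pass header.d=registrar.example; dmarc=pass header.from=registrar.example
From: Registrar Support <support@registrar.example>
To: customer@recipient.example
Subject: Your parcel was not able to be delivered
Content-Type: text/plain

Your DHL parcel was not delivered because of unpaid fees.
Pay here: https://pay.parcel-fees.example/invoice
"""

def auth_results(msg):
    """Extract the spf/dkim/dmarc verdicts recorded by the receiving server."""
    header = str(msg.get("Authentication-Results", ""))
    return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header))

def same_org(host, domain):
    """True if host is the sender's domain or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def triage(raw, brands=("dhl", "metamask")):
    """Content checks that still work when sender authentication passes."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_domain = msg["From"].addresses[0].domain.lower()
    body = msg.get_content()
    verdicts = auth_results(msg)
    authenticated = all(verdicts.get(k) == "pass" for k in ("spf", "dkim", "dmarc"))
    hosts = {urlparse(u).hostname for u in re.findall(r"https?://[^\s\"'<>]+", body)}
    off_domain = sorted(h for h in hosts if h and not same_org(h, from_domain))
    # Simplification: a brand is "foreign" if named in the text but not in the sender domain.
    text = f"{msg['Subject']} {body}".lower()
    foreign = [b for b in brands if b in text and b not in from_domain]
    return {"authenticated": authenticated, "off_domain_links": off_domain,
            "foreign_brands": foreign, "suspicious": bool(off_domain and foreign)}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The brand list and substring match are deliberately simple; a production filter would use a maintained brand and registrable-domain list.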
This is not the first time Namecheap has had issues with phishing emails. On May 13, 2022, Namecheap wrote to its customers warning of rising spam emails targeting them.
If you accidentally clicked on the spam link or made any payment, you can submit a ticket to Namecheap through Namecheap Support.