The mail distribution service 'SendGrid' is hacked, and a large number of fraudulent emails are sent under the name of a major domain registration service
![](https://i.gzn.jp/img/2023/02/13/namecheap-phishing-email/00_m.jpg)
From the early morning of February 13, 2023 Japan time, many reports have been received on the Internet that ``phishing emails in the name of the domain registration service ``
[In progress] Email gateway issue - Namecheap Status
https://www.namecheap.com/status-updates/archives/74848
![](https://i.gzn.jp/img/2023/02/13/namecheap-phishing-email/01.png)
Below is an example of a phishing email that was actually sent. The email impersonates 'DHL', the world's largest shipping company, and reads, 'The package cannot be delivered because the sender did not pay the shipping fee. If you want the package to be delivered, please pay $6.95 (about 915 yen).'
Beware of phishing emails coming out of @Namecheap 's @SendGrid account. DHL, MetaMask, digitally signed with DKIM. Looks like low level hackers were able to get into their systems. PII looks to be exposed. pic.twitter.com/IuLE8mo2w6
— Kathy Zant (@kathyzant) February 12, 2023
In addition, the overseas media outlet BleepingComputer received a phishing email disguised as coming from 'MetaMask', a virtual currency software wallet. The email states that 'you will not be able to use the service unless you register for user authentication.'
When BleepingComputer accessed the link in the email, a screen asking for the MetaMask recovery phrase and private key was displayed. However, this page is a fake created by the attacker, so if you enter the requested information, the attacker will gain unauthorized access to the software wallet and the virtual currency will be stolen.
![](https://i.gzn.jp/img/2023/02/13/namecheap-phishing-email/03_m.png)
Amid the many reports like the above saying 'I received a phishing email under the name of Namecheap', Richard Kirkendall, CEO of Namecheap, tweeted, 'We are currently investigating the problem, but SendGrid may be involved. We have now unsubscribed from all emails.' In addition, a post on Hacker News, a news sharing site, said, 'To be clear, the problem lies in the third-party service we use to distribute the newsletter', emphasizing that Namecheap itself was not attacked.
We are looking into this now, it may be related to this https://t.co/4nYcpaJZSC as we use sendgrid.
— Richard Kirkendall (@NamecheapCEO) February 12, 2023
After that, at 09:08 on February 13, 2023, Namecheap announced that mail delivery had been restored. The investigation into the mass sending of phishing emails is said to be continuing.
in Web Service, Security, Posted by log1o_hf