A recent security breach at the domain registrar Namecheap led to a large phishing campaign impersonating MetaMask and DHL to steal customers’ data and drain funds from their cryptocurrency wallets.
According to the registrar, unknown attackers had compromised a corporate email account, giving them unauthorised access to its email platform. That platform was SendGrid, which Namecheap uses to send marketing emails and renewal notices to clients.
Namecheap received numerous complaints from users across social networking sites about malicious emails impersonating MetaMask and DHL. Namecheap’s CEO subsequently released a statement confirming the issue.
Namecheap attributes the incident to the exposure of Mailgun, MailChimp, and SendGrid API keys in mobile applications, which was reported last December.
In the emails impersonating the DHL shipping company, the threat actors asked victims to verify their accounts through a KYC (Know Your Customer) check so that their wallets would not be suspended.
Once a victim clicks the embedded link, they are redirected to a phishing website that captures whatever information is entered. The attackers also use a sense of urgency in the emails to pressure victims into acting quickly.
Researchers also noted that the malicious emails contained a link hosted on a Namecheap domain, which redirected targets to the malicious webpages impersonating DHL and MetaMask.
In the MetaMask impersonation, the threat actors ask victims to provide their recovery phrase or private key, which lets the attackers import the wallet and its funds into wallets they control, draining the victims’ digital assets.
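As an added defensive example that is not part of the article, the following Python script shows the kind of triage a mail filter or SOC analyst could apply to the indicators the article describes: a link on a legitimate sender’s host that redirects to a different host, a brand named in the message that does not match the sending domain, a request for a recovery phrase or private key, and urgency language. The sample messages, the domains (registrar.example, wallet-verify.example), the parameter heuristics and the two-indicator threshold are all constructed for illustration.

```python
import re
from urllib.parse import urlparse, parse_qs

# Brands named in the article's campaign; a mail that mentions one but is not
# sent from that brand's own domain is treated as suspicious.
IMPERSONATED_BRANDS = ("metamask", "dhl")

# Things a legitimate service never asks for over email.
SECRET_REQUEST_RE = re.compile(
    r"(recovery|seed|secret) phrase|private key", re.IGNORECASE)

# Pressure language of the "act now or lose access" kind.
URGENCY_RE = re.compile(
    r"within \d+ (hours?|minutes?)|immediately|will be (suspended|closed|locked)",
    re.IGNORECASE)

URL_RE = re.compile(r"https?://[^\s\"'<>)]+")


def extract_urls(text):
    """All http(s) URLs appearing in a message body."""
    return URL_RE.findall(text)


def redirect_target(url):
    """If a query parameter of *url* carries a full URL whose host differs from
    the link's own host, return (link_host, target_host); otherwise None.
    parse_qs percent-decodes values, so an encoded nested URL is handled too."""
    parsed = urlparse(url)
    for values in parse_qs(parsed.query).values():
        for value in values:
            if value.lower().startswith(("http://", "https://")):
                target = urlparse(value).hostname
                if target and target != parsed.hostname:
                    return parsed.hostname, target
    return None


def sender_domain(sender):
    """Domain part of an address such as 'Name <user@host>' or 'user@host'."""
    match = re.search(r"@([\w.-]+)", sender)
    return match.group(1).lower() if match else ""


def analyze_email(sender, subject, body):
    """Return a list of (indicator, detail) tuples for one message."""
    findings = []
    text = f"{subject}\n{body}"
    domain = sender_domain(sender)

    # 1. A brand is mentioned but the sender is not that brand's domain.
    for brand in IMPERSONATED_BRANDS:
        if brand in text.lower() and brand not in domain:
            findings.append(("brand_mismatch", f"{brand} mentioned, sent from {domain}"))

    # 2. A link on a trusted-looking host that bounces to a different host.
    for url in extract_urls(body):
        hop = redirect_target(url)
        if hop:
            findings.append(("redirect_link", f"{hop[0]} -> {hop[1]}"))

    # 3. A request for wallet secrets.
    secret = SECRET_REQUEST_RE.search(text)
    if secret:
        findings.append(("secret_request", secret.group(0)))

    # 4. Urgency pressure.
    urgency = URGENCY_RE.search(text)
    if urgency:
        findings.append(("urgency", urgency.group(0)))

    return findings


def is_suspicious(findings):
    """Threshold used here: two or more distinct indicator types."""
    return len({kind for kind, _ in findings}) >= 2


# Constructed sample messages (not real mail from the incident).
PHISHING_SAMPLE = dict(
    sender="Support <noreply@mailer.registrar.example>",
    subject="MetaMask: KYC verification required",
    body=("Your wallet will be suspended within 24 hours unless you verify.\n"
          "Verify here: https://links.registrar.example/track?url="
          "https%3A%2F%2Fwallet-verify.example%2Fkyc\n"
          "You will need your recovery phrase to complete verification."),
)

BENIGN_SAMPLE = dict(
    sender="Renewals <renewals@registrar.example>",
    subject="Your domain renewal notice",
    body="Your domain renews on 1 March. Manage it at https://www.registrar.example/account",
)

if __name__ == "__main__":
    for name, msg in (("phishing", PHISHING_SAMPLE), ("benign", BENIGN_SAMPLE)):
        found = analyze_email(**msg)
        print(name, "suspicious" if is_suspicious(found) else "ok", found)
```

The redirect check is the one most relevant to this incident: the link itself sits on a host the recipient trusts, so reputation on the link host alone passes it, and only inspecting the nested target reveals the hop to an unrelated domain. Each indicator on its own produces false positives (a legitimate renewal notice may well say "immediately"), which is why the verdict requires two independent indicator types.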
In light of these issues, security researchers and Namecheap’s management strongly advise people to delete suspicious emails that impersonate other companies. People should also refrain from clicking links or downloading files from such emails, as the files may carry malware and the links may lead to a phishing page.