Domain registrar Namecheap blamed a “third-party provider” that sends its newsletters after customers complained of receiving phishing emails from Namecheap’s system.
CEO Richard Kirkendall appears to have named the provider as SendGrid in a since-deleted tweet this morning.
More than one customer noted that the emails – which purported to be from DHL and crypto-asset wallet provider MetaMask – were digitally signed with DKIM and received at distinct emails they’d assigned solely for comms with Namecheap.
The DHL emails – reproduced by several users here, here and here – dangle the phisher’s favorite lure: just pay this delivery fee and you’ll get this sweet package.
The MetaMask phish, on the other hand, asked owners of its crypto wallets for “Know Your Customer” (KYC) information. MetaMask is a digital wallet that allows you to store and use Ethereum tokens and does not require KYC process as it is not subject to regulations meant for “financial services” providers like banks. If you’ve got any MetaMask pals whose wallets were drained, you can tell them this is because MetaMask doesn’t provide any financial services. Too late, it seems, for a Twitter accountholder calling themselves redcheeks, who said they’d lost all their Ethereum.
We note that not all customers were impressed with Namecheap’s finger pointing. One user complained: “You’re missing the point entirely. The burden of responsibility doesn’t go away if they share information to a 3rd party, no matter the reason.”
Kirkendall’s Twitter account responded to this early this morning,