- NameCheap discovered the illegal usage of one of their third-party services to send several emails that specifically targeted users of MetaMask.
- After receiving the initial notification, NameCheap confirmed that its mail service had resumed within two hours.
Investors have been cautioned of continued phishing attempts by con artists seeking to contact customers through NameCheap’s third-party upstream system for emails, according to popular cryptocurrency wallet provider MetaMask.
On the evening of February 12, the web hosting provider NameCheap discovered that one of their third-party services had been abused to send some unwanted emails that specifically targeted users of MetaMask. Namecheap referred to the incident as an “email gateway issue.”
The SendGrid email platform, which Namecheap utilizes to send marketing emails and renewal notifications, is where the phishing campaign started. In the phishing emails, it was claimed that the cryptocurrency wallet Metamask and logistics company DHL was sending the emails.
According to the DHL emails, a package delivery was unsuccessful because the sender forgot to pay the required delivery price. The email receiver must pay the cost themself in order to continue with the transmission. The user will be taken to a bogus DHL page that seeks to steal their private information if they click the “Track and Pay” option.
By proactively contacting its million users, MetaMask informed them that it never reaches out by email to discuss account details and does not collect any information about your know-your-customer (KYC) profile. MetaMask said:
“MetaMask does not collect KYC info and will never email you about your account! Do not enter your Secret Recovery Phrase on a website EVER.”
The fake MetaMask webpage that the hacker links to in their phishing emails requests a Secret Recovery Phrase “to keep your wallet secure.” Investors were advised by the wallet provider to refrain from providing seed phrases because doing so gives the hacker total control over the user’s money.
NameCheap further reaffirmed that neither its services nor customer information were compromised in this event. Additionally, NameCheap verified that its mail delivery had been restored and that, going forward, all communications would come from the official source within two hours of the initial notification.
The major problem with sending unwanted emails, though, is still being looked at. Investors dealing with messages from MetaMask and NameCheap are recommended to double-check website links, email addresses, and points of contact.