Domain registrar and hosting service Namecheap’s customers got an unexpected message from the company this weekend informing them that they need to pay a $6.95 fee to complete a DHL parcel delivery. However, the message is a phishing scam made to look real using the official Namecheap.com domain.

Discerning users spotted the phishing email and reached out to Namecheap CEO Richard Kirkendall via Twitter. The company chief replied that the company was looking into the issue and shared a Cybernews story that reported an API leak involving third-party email clients MailChimp, Mailgun, and Sendgrid, alluding that this incident may be connected to the phishing scheme.

@Namecheap could you please check if any of your mailing server hasn’t been compromised.
I have received couple of unsolicited email. Security details shows that it was signed by one of your servers. pic.twitter.com/38epPYjS42

— Ruby (@rubie_shell) February 12, 2023

About two and a half hours later, the same customers received an update email from Namecheap, informing them that an “upstream (third party) system” was used to send emails in the company’s name and that further emails would be suspended until the problem was resolved. The company stressed that hackers did not breach its system and that personal information, products, and accounts were safe.

“We would like to assure you that Namecheap’s own systems were not breached and your products, accounts and personal information remain secure.”

Phishing scams that use official-looking domain names in their email from and reply fields are particularly pernicious because one of the first ways to detect a phishing message is to check which email domain a suspicious message came from. When customers see the official website of a company they patronize and trust, they’re far more likely to follow a link and give their personal information to hackers. Namecheap requested that customers ignore the phishing emails and advised them not to click on any links contained in the fraudulent messages.

In the early evening, Namecheap informed customers that the issue that caused the phishing messages to be sent was fixed and that standard mail service would resume. However, the company is still investigating the phishing emails and will keep customers updated on the matter.

Source: Namecheap