
Namecheap and Phishers

Are they doing enough to protect victims? I don’t think they are.

I recently had a look at some of the Phishing websites I could find, mainly to see how these scammers are operating and what kind of Phishing campaigns they run.

It wasn’t too hard to find many Phishing websites by reviewing Twitter, Pastebin, and other sources. What did surprise me though is the sheer quantity of Phishing websites that are hosted by Namecheap. So much so, in fact, that I believe Namecheap are largely responsible for a lot of the Phishing websites online. According to Petscams.com, 38% of scam domain names reported to them since 23rd August 2017 are sponsored by Namecheap. That’s insane! Their approach to dealing with these websites appears relaxed and under-resourced. Where they profit by selling these services, they have a responsibility to ensure they are not used inappropriately. I believe they are putting profit before this responsibility.

In my search for Phishing websites this morning, I identified the following URLs:

  • hxxps://ee-securebilling.com/ (198.54.115.105)
  • hxxps://netflixbilling-info.com/ (198.54.115.105)
  • hxxps://dvla.gov.uk-rebate.ltd/ (68.65.122.147)
  • hxxps://tickform-instagram.com/ (198.54.116.4)
  • hxxps://new-mythreepayment.com/ (198.54.116.224)

Every single one of these URLs was/is hosted by Namecheap. Every new website I found continued with the same pattern. Namecheap. Namecheap. Namecheap. Between them, they collected various bits of information from victims including dates of birth, credit card and bank details, e-mail addresses, and passwords.

Each of these URLs was also reported to them between 9:00AM-11:10AM UK Time. A support representative replied to all tickets at 12:06PM advising they were investigating. At the time of writing this post, it is now 2:00PM and with the exception of the EE website, which looks like it has been deleted by the phisher, all websites are still active, actively phishing victims. I don’t feel it takes that much investigation from Namecheap for them to ascertain they’re not legitimate websites. I do not believe they are acting fast enough, and I think they have something to answer for. Real victims are being scammed. Real victims are losing their money. Namecheap do not seem to understand this.

Fraudsters are obviously using Namecheap’s services due to their relaxed approach to suspending them.

Interestingly enough, Facebook also litigated against Namecheap earlier this year.

The social networking giant claims that Namecheap has refused to cooperate in an investigation into a series of malicious domains that have been registered through its service and which impersonated the Facebook brand.

https://www.zdnet.com/article/facebook-sues-namecheap-to-unmask-hackers-who-registered-malicious-domains/

I have a few domain names registered with Namecheap, and whilst they probably make very little profit off of them, I cannot continue to support a company with such a relaxed approach to scams, and will be transferring them away shortly. I suggest you do the same.


DarkNet Diaries

I’m not sure whether you have all heard of DarkNet Diaries, but if you haven’t, I strongly recommend it.

DarkNet Diaries is a podcast about hackers, breaches, shadow government activity, hacktivism, cybercrime, and all the things that dwell on the hidden parts of the network.

I’ve never listened to podcasts generally as they’ve never taken my interest, but since starting DarkNet Diaries, I have been hooked, and have listened to every episode. Each episode goes into a great level of detail, so it is very interesting hearing about these security stories every other week (episodes are released every other Tuesday).

Some of my favourite episodes:

  • Episode 4 – Panic! At the TalkTalk Board Room – this episode covers the October 2015 breach at UK Internet Service Provider TalkTalk.
  • Episode 18 – Jackpot – A man addicted to gambling finds a bug in a video poker machine that lets him win excessive amounts of money.
  • Episode 29 – Stuxnet – Stuxnet was the most sophisticated virus ever discovered. Its target was a nuclear enrichment facility in Iran. This virus was successfully able to destroy numerous centrifuges. Hear who did it and why.
  • Episode 30 – Shamoon – Saudi Aramco was hit with the most destructive virus ever. Thousands and thousands of computers were destroyed. Herculean efforts were made to restore them to operational status again.
  • Episode 31 – In late November 2018, a hacker found over 50,000 printers were exposed to the Internet in ways they shouldn’t have been. He wanted to raise awareness of this problem, and got himself into a whole heap of trouble.
  • Episode 33 – RockYou – In 2009 a hacker broke into a website with millions of users and downloaded the entire user database. What that hacker did with the data has changed the way we view account security even today.
  • Episode 36 – Jeremy from Marketing – A company hires a penetration tester to pose as a new hire, Jeremy from Marketing, to see how much he can hack into in his first week on the job. It doesn’t go as planned.

This is just a small extract of some of my favourite episodes. If you haven’t listened already, you can listen to them here.