MetaMask issues scam alert as NameCheap hacker sends unauthorized emails

cointelegraph.com:

Popular crypto wallet provider MetaMask warned investors against ongoing phishing attempts by scammers attempting to contact users through NameCheap’s third-party upstream system for emails.

On the evening of Feb. 12, web hosting company NameCheap detected the misuse of one of its third-party services for sending some unauthorized emails — which directly targeted MetaMask users. Namecheap described the incident as an "email gateway issue."

⚠️MetaMask does not collect KYC info and will never email you about your account!Do not enter your Secret Recovery Phrase on a website EVER.If you got an email today from MetaMask or Namecheap or anyone else like this, ignore it & do not click its links!https://t.co/EP0HGZFOfo pic.twitter.com/4CDtne24OK

In the proactive alert, MetaMask reminded its million followers that it does not collect know-your-customer (KYC) information and will never reach out over an email to discuss account details.

The phishing emails sent by the hacker contain a link that opens a fake MetaMask website requesting Secret Recovery Phrase “to keep your wallet secure.”

The wallet provider advised investors to refrain from sharing seed phrases as it hands over complete control of the user’s funds to the hacker.

We would like to assure you that Namecheap’s own systems were not breached and your products, accounts and personal information remain secure.We will update status post once the issue is solved https://t.co/2xJ362KF0f

NameCheap further confirmed that its services were not breached and that no customer data was leaked in this incident. Within two hours of the initial intimation, NameCheap confirmed that its mail delivery was restored and that all communications henceforth would be from the official source.

However,