Ian Becket (@IanBecket) is undoubtedly one of the leading financial investigators on Twitter. He regularly reports on financial cybercrime. Most recently, Ian outlined that domain hoster NameCheap has become the darling of pishing criminals since accepting Bitcoins as payment in Sep 2020. The UK National Cyber Security Centre (NCSC) statistic provides impressive evidence. The number of UK government-themed pishing campaigns via NameCheap exploded while GoDaddy numbers remained flat.
According to NCSC, NameCheap became the most popular host of UK government-themed phishing during
2020 and hosted 60% of the domains in this specific category.
NameCheap’s popularity is noticeable among the pushing perpetrators and in the field of scam brokers and unregulated (illegal) payment processors who increasingly register their domains there. Most recently, we have noticed IGC Trades or (www.igctrades.com) Paypound (www.paypound.ltd or ChargeMoney (www.charge.mone). We do not have any statistical data at the moment, unlike NCSC, but for sure we saw a trend over the last couple of months.
Especially in crypto scams and schemes, NameCheap is currently used preferentially. Of the last ten warnings against crypto scams the UK regulator FCA issued on 16 Feb 2022, 6 have used NameCheap.