Signs of suspicious activity in your Namecheap account:
-
You cannot log in to your account.
-
You see orders you did not place.
-
You received an EPP code you did not request, or you see your domain(s) missing.
-
You received a password reset email you did not request.
-
You received a 2FA/Trusted device notification you did not request.
Your Hosting or Email account has been compromised:
Signs of suspicious activity in your Namecheap account
Make sure that:
- There isn't a typo in your username or password.
- Your Caps Lock is turned off, your keyboard is in the right language and you have entered the correct password.
Next:
Check your
Order History and see if any of your services have been set to automatically renew.
If the orders were not authorized by you:
- Change your password.
-
Enable Two-Factor Authentication and Security Notifications.
- Check other settings or changes in the account (personal information, address details, services, payment methods etc.).
-
Contact our Support Team.
An EPP code can only be requested from your Namecheap account and the notification will be sent to the email address specified in the domain registrant contact information.
If such a situation occurred and you still have access to the account:
- Change your password.
-
Enable Two-Factor Authentication.
-
Reset the password for your email address(es) (as they might be compromised as well).
- Check the other settings or changes in your account (personal information, address details, services, payment methods etc.).
- If you see that your domain is missing, please contact our Support Team and we can assist you further.
Often this means that someone has entered your details by mistake because they have a similar username or domain. If your email is secure, no one will be able to access your account except for you, even after the password reset request.
If you are afraid your credentials might have been compromised:
- Update the email address and password on your Namecheap account (as well as any other online accounts that use the same login details).
-
Enable Two-Factor Authentication.
- Check whether any unauthorized changes (e.g. unauthorized orders, charges etc.) were placed in your account, and if you find any changes contact our Support Team and we can assist you further.
If you received 2FA/Trusted device notification you did not request it means that the credentials to your Namecheap account might have been compromised and accessed by another person.
However, your account will remain secure until you confirm logging in from your device. Please update the password for all the accounts linked and secure them accordingly.
If you are afraid your device might have been compromised:
- Scan your device for any keyloggers or malware.
- Secure or update the email address and password on your Namecheap account (as well as any other online accounts that use the same login details).
- Secure your device and email address, enable Two-Factor Authentication.
- Check whether any unauthorized activity was performed in regards to your Namecheap account. If you see any, contact our Support Team so that we can assist you accordingly.
Your Hosting or Email account has been compromised
If your hosting service has been compromised, it does not necessarily mean your Namecheap account has been accessed by a third party.
- Strange content on your website.
- Spam mailing from your email account (if you noticed any outgoing spam from your mailbox, please contact us to prevent suspension of your mail service).
- Notification received regarding suspicious login activity to your hosting account.
If you believe that your cPanel has been compromised we recommend the following:
For securing your Email Subscription, please follow the instructions described
in this article.
If you faced any unauthorized activity targeting your account or services and would like us to investigate the issue,
contact our Support Team.
PLEASE NOTE: During our investigation your Namecheap account and the domains can be temporarily locked for any modifications for security reasons. However, this does not imply any downtime to your services.