Our security team is currently managing a coordinated phishing campaign where external attackers are impersonating Rebel.com to harvest user credentials.
Our Actions: We have identified the third-party platforms being used to host these fraudulent pages and send these emails. We have initiated formal takedown proceedings with all involved service providers and are monitoring the situation closely.
Current Status: We are awaiting final processing of these takedown requests. In the meantime, we have updated our internal filters to help mitigate the impact.
User Advisory: Do not click links in emails that direct you to unfamiliar domains (e.g., sendzing.com). Official Rebel.com communications will always direct you to our verified domain.
If you believe your account has been compromised, please reset your password immediately and contact our support team.
Posted Feb 14, 2026 - 09:25 EST
Monitoring
We are currently investigating a phishing campaign targeting Rebel.com customers.
The Incident: Fraudulent emails are being sent with subjects such as "Action required: Please confirm your contact info" or "WHOIS Accuracy Program." These emails appear to be from Rebel.com but are sent from the domain @valleue.com.
Current Actions: We have identified the malicious landing page at sendzing.com/rebel.com/. Forensic reports have been filed with the involved service providers, including Amazon SES, GoDaddy, and Network Solutions, to disable the sending accounts and take down the fraudulent site.
User Guidance: Please do not click any links in these emails. If you have already interacted with the link and provided information, please change your Rebel.com password immediately as a precaution.