What’s Happening We have identified a phishing campaign targeting domain owners. These fraudulent emails use the Rebel logo and mention ICANN to appear official, claiming your domain will be suspended if you do not "verify" your contact info.
These are not sent by Rebel. You can identify them by:
Sender Address: The email comes from `mailroll.mx` instead of `@rebel.com`. Suspicious Links: The "Verify" button points to `apps.emailerstack.com` rather than our secure dashboard.
What We’re Doing Our security team is working to take down the malicious URLs and block the sender's domain. We have verified that there are no actual "holds" on the affected accounts.
Next Steps & Device Cleanup If you receive this email, **do not click any links and delete it immediately.** If you have already interacted with the link or entered your credentials, please follow these "clean up" steps:
- Secure Your Account: Log in to the official Rebel.com site to update your password.
- Clear Browser Cache & Cookies: Phishing sites can sometimes leave "tracking cookies" in your browser. Clearing your cache and cookies ensures any temporary data from the fake site is wiped from your device.
- Check Browser Extensions: Review your browser settings and remove any extensions or "allowed notifications" you don't recognize.
- Run a Security Scan: Run a standard malware scan on your computer to ensure no background scripts were triggered by the site.
Why Your Account is Secure As a reminder, **Two-Factor Authentication (2FA) is enabled by default for all Rebel clients.** This means that even if a password was entered on the fraudulent page, unauthorized users cannot gain access to your account without your secondary device. Following the cleanup steps above ensures your local device remains clear of any tracking data.