This can happen to anyone. One day your account may be successfully hacked. You should remember that this is not the end of the world and if you act quickly, you can minimize any damage done.
We are engaged in a never-ending battle between Email Service Providers, email servers and spammers. This fight has gone on for so long that some of us even start to make fun of it, but the dangers are real and should never be ignored. Because of this, today we'll show you what to do if your account got hacked.
How to spot if my account has been hacked?
There are a few things that may give you a hint that someone has gained access to your account and is messing around
We send notifications of suspicious or new logins. When an untrusted device accessed your account, you will receive email notification of a login from a new device. If it is you that logged into your account, you can click on the link to trust the device so that we won’t notify in the future regarding logins from that particular device. The subject of the email will be “Security alert for your Elastic Email account”. We will also provide information including the time and date of login, the device, the browser, the system, the country, and the IP address that the login originated from.
You have trouble logging in. If you can't log into your account
You get autoresponder messages you didn't expect. Often hackers act very quickly and start sending spam almost immediately after breaking in - so quickly, that they don't even change the crucial settings. If they didn't bother to change the "reply to" email address and start sending mass spam campaigns, very soon you may start receiving autoresponder messages from some of the mailboxes. If you are sure these haven't come as a response from any of your own campaigns, this is a red flag saying that probably someone is sending emails on your behalf.
Weird data in the logs section. Usually, most people who send emails professionally are in a love/hate relationship with all the statistics that come with this. They are always trying to make them better and always curious about how the next campaign will perform. If you send a lot of emails every day, you may not even notice that someone else is also sending spam from your account. The changes in statistics that may make you suspicious would be a sudden rise in complaints and/or bounces due to invalid email addresses. Spammers' contact lists are usually poor. There will be plenty of bounces, invalid email addresses, and complaints impacting your statistics. If you see any of this occurring in your account, do a manual check and try to establish if this is coming from you. If not, this might mean that your account has been compromised.
Account status changed to blocked/under review. Elastic Email has several security tools in place to prevent sending spam from your account. If we notice an account that is trying to send suspicious content, our algorithms or team members might place the account under review and pause the account until the case can be explained. These actions are done in order to protect your account's reputation. A review can at times be triggered when an email simply looks suspicious, but it could also mean that someone has tried to send spam from your account.
What should I do if my account got hacked?
Stay calm. This is not the end of the world and we have you covered. First of all, you should contact us and inform us that you think your account may have been hacked. Then, we will help you out immediately.
Scan your devices. A phone, laptop or any other device that you use may need scanning. Check it for malware, viruses or trojans that might steal the password again.
Scan your website. Do this especially if you have scripts in your
Change your API Key. Do this even if you don't use it for your applications. If someone has had access to your credentials, they may have had a peek at your API Key. This might be enough for them to mess around. Changing it is actually very easy and might save you a lot of trouble. You just need to press one button.
Change the password for your account. Make sure that the contact email is set for your address (in case the hacker has changed this). It would be wise to change the password to your mailbox as this might be one of the ways that someone has gained access to your account in the first place. Changing the password to your website's CMS will not hurt either. If you have similar or the same passwords that you use for many logins, you should probably change it everywhere. If one account is hacked, others may be compromised as well. At this point, you should take no further risks and do whatever it takes to keep things safe.
Turn on Two-Factor Authentication. This can prevent most attempts to break into your account. Thanks to it, access to it will be much harder for someone other than you. Enable this from the security section in your Elastic Email account.
A typical phishing scam could look something like this
- Mining of lists looking for potential accounts
- Creation of a fake email template or multiple templates
- Creation of a fake website or multiple websites
- Sending of fake emails to the mined email addresses hoping people will think that the email is coming from a legitimate company that they have an account with
- Included link(s) in the email to the fake (phishing) website
- Capturing of login credentials
- Gaining access to accounts
- Potentially asking for Credit Card information as well
However, if you are unsure, please remember that you can always ask us for help. We can give you more feedback on your account and help prevent situations like this from happening in the future.