This can happen to anyone. One day your account may be successfully hacked. You should remember that this is not the end of the world and if you act quickly, you can minimize any damage done.
No one likes spammers. We are engaged in a never-ending battle between Email Service Providers, email servers and spammers. This fight has gone on for so long that some of us even start to make fun of it, but the dangers are real and should never be ignored.
How to spot if my account has been hacked?
There are a few things that may give you a hint that someone has gained access to your account and is messing around
We send notifications of suspicious or new logins. When your account is accessed by an untrusted device, you will receive an email notification of a login from a new device. If it is you that logged into your account, you can click on the link to trust the device so that we won’t notify in the future regarding logins from that particular device. The subject of the email will be “Security alert for your Elastic Email account”. We will provide information including time and date of login, the device, the browser, the system, the country and the IP address that the login originated from.
You have trouble logging in. If you can't log into your account
You get autoresponder messages you didn't expect. Often hackers act very quickly and start sending spam almost immediately after breaking in - so quickly, that they don't even change the crucial settings. If they didn't bother to change the "reply to" email address and start sending mass spam campaigns, very soon you may start receiving autoresponder messages from some of the mailboxes. If you are sure these haven't come as a response from any of your own campaigns, this is a red flag saying that probably someone is sending emails on your behalf.
Weird data in the logs section. Usually, most people who send emails professionally are in a love/hate relationship with all the statistics that come with this. They are always trying to make them better and always curious how the next campaign will perform. If you send a lot of emails every day, you may not even notice that someone else is also sending spam from your account. The changes in statistics that may make you suspicious would be a sudden rise in complaints and/or bounces due to invalid email addresses. Spammers contact lists are usually poor so there will be plenty of bounces, invalid email addresses and complaints impacting your statistics. If you see any of this occurring in your account, do a manual check and try to establish if this is coming from you. If not, this might mean that your account has been compromised.
Account status changed to blocked/under review. Elastic Email has several security tools in place to prevent spam from being sent from your account. If we notice an account that is trying to send suspicious content, our algorithms or team members might place the account under review and pause the account until the case can be explained. These actions are done in order to protect your account's reputation. A review can at times be triggered when an email simply looks suspicious, but it could also mean that someone has tried to send spam from your account.
What should I do if my account got hacked?
Stay calm. This is not the end of the world and we have you covered. First of all, you should contact us and inform us that you think your account may have been hacked. We will help you out immediately.
Scan your devices. A phone, laptop or any other device that you use may need scanning to check for malware, viruses or trojans that might steal the password again.
Scan your website. Do this especially if you have scripts in your
Change your API Key. Do this even if you don't use it for your applications. If someone has had access to your credentials, they may have had a peek at your API Key. This might be enough for them to mess around. Changing it is actually very easy and might save you a lot of trouble. You just need to press one button.
Change the password for your account and make sure that the contact email is set for your address (in case the hacker has changed this). It would be wise to change the password to your mailbox as this might be one of the ways that someone has gained access to your account in the first place. Changing the password to your website's CMS will not hurt either. If you have similar or the same passwords that you use for many logins, you should probably change it everywhere. If one account is hacked, others may be compromised as well. At this point you should take no further risks and do whatever it takes to keep things safe.
Turn on Two-Factor Authentication. This can prevent most attempts to break into your account
A Typical Phishing Scam Could Look Something Like This
- Mining of lists looking for potential accounts
- Creation of a fake email template or multiple templates
- Creation of a fake website or multiple websites
- Sending of fake emails to the mined email addresses hoping people will think that the email is coming from a legitimate company that they have an account with
- Included link(s) in the email to the fake (phishing) website
- Capturing of login credentials
- Gaining access to accounts
- Potentially asking for Credit Card information as well
If you are unsure, please remember that you can always ask us for help. We can give you more feedback on your account and help prevent situations like this from happening in the future.