This can happen to anyone. One day your account may be successfully hacked. You should remember that this is not the end of the world and if you act quickly, you can minimize any damage done.

No one likes spammers. We are engaged in a never-ending battle between Email Service Providers, email servers and spammers. This fight has gone on for so long that some of us even start to make fun of it, but the dangers are real and should never be ignored.

How to spot if my account has been hacked?

There are a few things that may give you a hint that someone has gained access to your account and is messing around.

You have trouble logging in. If you can't log into your account even though you are pretty sure that the password and email are correct, it is possible that someone has gained access and made changes to these. If only the password has been changed, you can quickly reset it. Just use the "Forgot password?" option to reset your password. If the email has been changed as well, this option will not help unfortunately. You should immediately contact support@elasticemail.com to resolve this situation.

You get autoresponder messages you didn't expect. Often hackers act very quickly and start sending spam almost immediately after breaking in - that they don't even change the crucial settings. If they didn't bother to change the "reply to" email address, and start sending mass spam campaigns, very soon you may start receiving vast amounts of autoresponder messages from some of the mailboxes. If you are sure these haven't come as a response from any of your own campaigns, this is a big red flag saying that probably someone is sending emails on your behalf.

Weird data in the logs section. Usually, most people who send emails professionally are in a love/hate relationship with all the statistics that come with this. They are always trying to make them better and always curious how the next campaign will perform. If you send a lot of emails every day, you may not even notice that someone else is also sending spam from your account. The changes in statistics that may make you suspicious would be a sudden rise in complaints and/or bounces due to invalid email addresses. Spammers contact lists are usually poor so there will be plenty of bounces, invalid email addresses and complaints impacting your statistics. If you see any of this occurring in your account, do a manual check and try to establish if this is coming from you. If not, this might mean that your account has been compromised.

Account status changed to blocked/under review. Elastic Email has several security tools in place to prevent spam from being sent from your account. If we notice an account that is trying to send suspicious content, our algorithms or team members might place the account under review and pause the account until the case can be explained. These actions are done in order to protect your account's reputation. A review can at times be triggered when an email simply looks suspicious, but it could also mean that someone has tried to send spam from your account.

what should i do if my account got hacked

What should I do if my account got hacked?

Stay calm. This is not the end of the world and we have you covered. First of all, you should contact us and inform us that you think your account may have been hacked. We will help you out immediately.

Scan your devices. A phone, laptop or any other device that you use may need scanning to check for malware, viruses or trojans that might steal the password again.

Scan your website. Do this especially if you have scripts in your ecommerce or other websites that connect with your account through API or SMTP. If someone has gained access to the files of your app/website, they might also gain access to the credentials needed to connect with the API. So even though they do not have access to the dashboard directly, they can still send spam from your account.

Change your API Key. Do this even if you don't use it for your applications. If someone has had access to your credentials, may have had a peek at your API Key. This might be enough for them to mess around. Changing it is actually very easy and might save you a lot of trouble. You just need to press one button.

Change your password to the account and make sure that the contact email is set for your address (in case the hacker has changed this). It would be wise to change the password to your mailbox as this might be one of the ways that someone has gained access to your account in the first place. Changing the password to your website's CMS will not hurt either. If you have similar, or the same passwords that you use for many logins, you should probably change it everywhere. If one account is hacked, others may be compromised as well. At this point you should take no further risks and do whatever it takes to keep things safe.

Turn on Two-Factor Authentication. This can prevent most attempts to break into your account as access to it will be much harder for someone other than you. This is a huge safety improvement and there is really no reasonable argument for not activating this option when available.

If you are unsure, please remember that you can always ask us for help. We can give you more feedback on your account and help prevent situations like this from happening in the future.

If you like this article, share it with friends:
Share on Facebook
Facebook
0Tweet about this on Twitter
Twitter
Share on LinkedIn
Linkedin

Ready to get started?

Tens of thousands of companies around the world are using Elastic Email to send their emails. Sign up now and join them for free!

Get set up in 2 minutes. No credit card required.