We send notifications of suspicious or new logins. When your account is accessed by an untrusted device, you will receive an email notification of a login from a new device. If it is you that logged into your account, you can click on the link to trust the device so that we won’t notify in the future regarding logins from that particular device. The subject of the email will be “Security alert for your Elastic Email account”. We will provide information including time and date of login, the device, the browser, the system, the country and the IP address that the login originated from.
You have trouble logging in. If you can't log into your account even though you are sure that the password and email are correct, it is possible that someone has gained access and made changes to these. If only the password has been changed, you can quickly reset it. Just use the "forgot password?" option to reset your password. If the email has been changed as well, this option will not help. You should immediately contact firstname.lastname@example.org to resolve this situation.
You get autoresponder messages you didn't expect. Often hackers act very quickly and start sending spam almost immediately after breaking in - so quickly, that they don't even change the crucial settings. If they didn't bother to change the "reply to" email address and start sending mass spam campaigns, very soon you may start receiving autoresponder messages from some of the mailboxes. If you are sure these haven't come as a response from any of your own campaigns, this is a red flag saying that probably someone is sending emails on your behalf.
Weird data in the logs section. The changes in statistics that may make you suspicious would be a sudden rise in complaints and/or bounces due to invalid email addresses. Spammers’ contact lists are usually poor so there will be plenty of bounces, invalid email addresses and complaints impacting your statistics. If you see any of this occurring in your account, do a manual check and try to establish if this is coming from you. If not, this might mean that your account has been compromised.
Account status changed to blocked/under review. Elastic Email has several security tools in place to prevent spam from being sent from your account. If we notice an account that is trying to send suspicious content, our algorithms or team members might place the account under review and pause the account until the case can be explained. These actions are done in order to protect your account's reputation. A review can at times be triggered when an email simply looks suspicious, but it could also mean that someone has tried to send spam from your account.
What to do if an account was hacked?
First of all, you should contact us and inform us that you think your account may have been hacked. We will help you out immediately.
Scan your devices. A phone, laptop or any other device that you use may need scanning to check for malware, viruses or trojans that might steal the password again.
Scan your website. Do this especially if you have scripts in your e-commerce or other websites that connect with your account through API or SMTP. If someone has gained access to the files of your app/website, they might also gain access to the credentials needed to connect with the API. So even though they do not have access to the dashboard directly, they can still send spam from your account.
Change your API Key. Do this even if you don't use it for your applications. If someone has had access to your credentials, they may have had a peek at your API Key. This might be enough for them to mess around.
Change the password for your account and make sure that the contact email is set for your address (in case the hacker has changed this). Changing the password to your website's CMS will not hurt either. If you have similar or the same passwords that you use for many logins, you should probably change it everywhere. If one account is hacked, others may be compromised as well.
Turn on Two-Factor Authentication. This can prevent most attempts to break into your account as access to it will be much harder for someone other than you. This can be enabled from the security section in your Elastic Email account.
Look out for the signs of a Phishing Scam:
- Mining of lists looking for potential accounts
- Creation of a fake email template or multiple templates
- Creation of a fake website or multiple websites
- Sending of fake emails to the mined email addresses hoping people will think that the email is coming from a legitimate company that they have an account with
- Included link(s) in the email to the fake (phishing) website
- Capturing of login credentials
- Gaining access to accounts
- Potentially asking for Credit Card information as well
If you are unsure, please remember that you can always ask us for help. We can give you more feedback on your account and help prevent situations like this from happening in the future.