Help! My email account has been hacked. What should I do?
How do you come back from being hacked? If your email account is being used to send spam, expect both an immediate and lasting impact. Avoid the turmoil and follow our guide to learn how to handle and, more importantly, prevent this type of hack.
“Dear friends and family, if you’ve gotten any suspicious-looking messages from me recently, please don’t open them!”
That’s probably the message you’d send to your contact list if someone hacked your personal email.
And, while identity theft is terrible, imagine if your business email account got hacked. It’s not only your personal bank account, credit cards, and personal data at risk, but also all of your customer data. A malicious cybercriminal can easily use your email account to scam your customers and destroy the relationship and trust you’ve built with your subscribers – not to mention your sender reputation.
We’re not going to lie: having your email compromised is not a good situation to find yourself in. But don’t worry, we’ve got you covered.
How can my account become compromised?
You’ve probably got great cybersecurity protocols in place, but all it takes to break through your defenses is someone leaking your API keys or SMTP credentials. Here’s a list of some common ways your email account can be exposed and compromised:
Your password is insufficiently strong and therefore easy to guess or crack.
Someone has leaked your API keys or SMTP credentials.
You’ve fallen for a phishing scam or clicked on a malicious link, accidentally downloading malware that opened a backdoor for scammers to gain access to your account.
You’ve exposed yourself by signing onto public Wi-Fi without using a VPN.
As a best practice, we recommend that you always check your recent activity and investigate any suspicious activity you don’t recognize. You should take your online security as seriously as fraud charges on your credit card. This way, even if your account is compromised, you can nip the hack in the bud and quickly work to minimize and reverse damages.
What do I do if my account is compromised?
Let’s say that the worst has happened, and your account has already been compromised. Here are some things you can do right away.
Reset API keys and SMTP credentials
Assess the damage
Reverse or address the damage
Strengthen passwords
Let’s dig into each of these below.
1. Reset API keys and SMTP credentials
The first thing that you need to do is cut the spammers’ access to your accounts. As an admin, you’ll need to reset your account’s API keys and SMTP credentials for any domain that seems to have issues. The faster you do this, the better off you’ll be.
2. Assess the damage
Now that you have new keys and credentials, it’s time to check how much damage was done. Like the holidays, you'll have some cleaning up to do once the chaos is over.
Unfortunately, you may face negative consequences because the hackers have probably sent out spam messages authenticated with your actual domains/dedicated IPs.
The most common issue is that your IP may be blocklisted. This can happen on the day of the unauthorized send or a few days later. In the days that follow, you’ll receive a lot of spam complaints, so be prepared to work with your marketing team to do some damage control.
3. Reverse the damage
Now that you’ve assessed the damage, it’s time to reverse it. Not all DNS blocklists are created equal, and the majority won’t impact the delivery of your emails, so it’s best to quickly resolve the listings that matter before focusing on the less utilized blocklists.
If you find yourself on a blocklist, here’s what you need to do to get delisted:
Check the information you received when you were informed that you’re blocklisted. Most blocklist vendors will include a URL for you to begin the blocklist removal process.
Send over the information requested by the blocklist vendor. Most reputable blocklist vendors will have a clear self-service path to delisting that involves sending them your contact information and any comments as to the possible reason for the block.
As a benefit of Mailgun's Deliverability Service, we’ve automated the monitoring of all major blocklists to check them in real-time. Our team of experts will step in to deal with the blocklist providers directly.
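To see for yourself whether a sending IP is on a DNS blocklist, you can query the list over DNS. The sketch below is an added example, not Mailgun code: the zone names are hypothetical placeholders, the sample IP and resolver data are constructed, and the lookup follows the usual DNSBL convention of reversing the IPv4 octets and treating an answer in 127.0.0.0/8 as a listing.

```python
import ipaddress
import socket

# Hypothetical zone names; replace with the blocklists that matter to you.
ZONES = ["dnsbl.example.org", "bl.example.net"]

def dnsbl_name(ip, zone):
    """DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("IPv4 only in this example")
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """Return the A record, None for NXDOMAIN; other failures propagate."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return None
        raise

def check_ip(ip, zones=ZONES, resolve=system_resolver):
    """Map each zone to 'listed (code)', 'not listed' or 'unknown (...)'."""
    results = {}
    for zone in zones:
        try:
            answer = resolve(dnsbl_name(ip, zone))
        except OSError as exc:
            # A timeout or SERVFAIL is not evidence that the IP is clean.
            results[zone] = f"unknown ({exc})"
            continue
        if answer is None:
            results[zone] = "not listed"
        elif answer.startswith("127."):
            results[zone] = f"listed ({answer})"
        else:
            # Listings live in 127.0.0.0/8; anything else is a bad answer.
            results[zone] = f"unknown (unexpected answer {answer})"
    return results

if __name__ == "__main__":
    # Constructed resolver data so the example runs offline.
    fake = {"25.2.0.192.dnsbl.example.org": "127.0.0.2"}
    print(check_ip("192.0.2.25", resolve=fake.get))
```

Run it on a schedule for each dedicated IP after the credential reset, since a listing can appear days after the unauthorized send.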
4. Strengthen passwords
Once you’ve reversed the damage to your IP and domain reputation, it’s time to do a password reset. Set a new, sufficiently strong password for the compromised email account, then strengthen your cybersecurity practices. Not quite sure how to prevent future leaks? Keep reading, and we’ll go over some tips in the section below.
How can I prevent future leaks?
Once you’ve gotten damage control out of the way, it’s time to think about how to prevent future leaks. Besides strengthening your security software, you can also:
Restrict API key and SMTP credential access, if possible
Enable two-factor authentication (2FA)
Let’s go over each of these in detail below.
How can I restrict API key and SMTP credential access?
Anyone with access could have contributed to your credentials becoming compromised. You can check out our comprehensive security guide for some general advice on running your infrastructure in a secure configuration.
When hackers send spam with your credentials, it’s likely because your sensitive information got leaked in a public script. You’ll need to make sure only the right people can read your API keys. Luckily, with Mailgun, you can restrict access to your API keys and SMTP credentials by assigning specific roles to your users. The last thing you want is a well-intentioned non-dev sharing your secret keys without knowing what purpose they serve.
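One way to catch credentials before a script goes public is to scan it for hardcoded secrets. This is an added example, not Mailgun tooling: the key format, the variable-name patterns, the `MAILGUN_API_KEY` variable name and the sample script are all assumptions constructed for illustration.

```python
import re

# Assumed patterns (not from the article): a "key-" prefix plus 32 hex
# characters, and a quoted literal assigned to a credential-like name.
RULES = [
    ("api-key-literal", re.compile(r"\bkey-[0-9a-f]{32}\b")),
    ("credential-assignment", re.compile(
        r"(?i)(?:smtp_?pass(?:word)?|api_?key|password)\w*[\"']?\s*[:=]\s*"
        r"[\"']([^\"']{8,})[\"']")),
]
# References to an environment variable or template slot are not secrets.
PLACEHOLDER = re.compile(r"^(?:\$\{?\w+\}?|<[^>]+>|x+|changeme)$", re.I)

def redact(value):
    """Keep a 4-character prefix so the finding is traceable but not reusable."""
    return value[:4] + "*" * (len(value) - 4)

def scan(text):
    """Return (line_number, rule, redacted_value) for each suspicious line."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in RULES:
            match = pattern.search(line)
            if not match:
                continue
            value = match.group(match.lastindex or 0)
            if PLACEHOLDER.match(value):
                continue
            findings.append((number, rule, redact(value)))
            break  # one finding per line is enough to flag it
    return findings

# Constructed sample script; every value below is made up for this example.
SAMPLE = '''\
import os, smtplib
API_KEY = "key-0123456789abcdef0123456789abcdef"
SMTP_USER = "postmaster@mg.example.com"
smtp_password = "Tr0ub4dor&3-constructed"
safe_key = os.environ["MAILGUN_API_KEY"]
api_key = "${MAILGUN_API_KEY}"
'''

if __name__ == "__main__":
    for number, rule, shown in scan(SAMPLE):
        print(f"line {number}: {rule}: {shown}")
```

Any key this scan finds in a shared or public file should be treated as leaked and reset, not just removed from the file.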
How can two-factor authentication boost my account security?
Enabling 2FA adds a few extra steps of protection, and since logging in involves a second external device or account, it’s a lot harder to compromise credentials. We recommend ensuring everyone on your team with access, not just administrators, has 2FA configured.
Check out our guide on 2FA to get up to speed. Or, if you’re feeling ambitious, work with your security team to implement multi-factor authentication.
A bonus tip before we go
Security is a big consideration when it comes to partnering with services. Make sure you’re choosing a service that provides effective support to act as a resource if you get in a bind.
And if you want additional peace of mind, Mailgun’s Deliverability Service might be a great fit for your email program. We partner you with one of our experts who will help you create and maintain a healthy email program.