Dealing with a Compromised Account

If you believe your SMTP2GO account has been compromised (alternatively known as "hacked"), we recommend taking the following steps and immediately reaching out to our support team, who can investigate further.

The main indications of a compromised account include:

  • Suspicious sending or unusual/unfamiliar activity in the account's reporting (Activity, Summary, Suppressions, etc.).
  • You start receiving a number of complaints and/or your bounce rate increases.
  • Suspicious behavior or changes are occurring in your account (unknown team members, SMTP User changes, different domains being added, etc.).
  • Being unable to log in/access your account even though you believe the credentials are correct.
  • You begin receiving unexpected autoresponder emails from your own address.
  • You may receive Verifying Login Devices emails from SMTP2GO notifying you of attempted logins from an untrusted device.

SMTP2GO's review team monitors accounts for suspicious activity and account access. In this situation, they will contact the account owner immediately via email ticket, providing information and asking them to investigate. In certain cases, they may need to temporarily suspend the account until further investigation has taken place and the issues have been resolved.


Investigate the incident internally to see what happened and how it occurred (e.g. was it due to a leaked SMTP User/Password combination) and make changes to prevent it from occurring in the future. 

Change your account login password

If you suspect your account has been compromised, immediately change your login password to prevent any further access to the account. View our Change Password article for the options available. If you cannot access your account, view our Account Recovery - Login Access article or contact our support team, who may be able to assist.

Temporarily block the SMTP User, IP or API Key

If sending is occurring through your account and authenticating via a specific SMTP User, IP or API Key, you can temporarily block the ability to send. View our Disabling an SMTP Username, IP Address, or API Key article for further information.

Change the SMTP Users' password

If untrusted sending has occurred via the account using a particular SMTP User/Password combination, we recommend you update the password on the "Sending > SMTP Users" section of the account. You will need to then update any legitimate devices or setups with the new password to ensure they can continue sending. 

Check Team members

Check your account team members on the "Account > Edit Team" page to ensure there are no newly added team members who should not have account access. If there are unknown team members, account owners can remove those. 

Check your devices

Scan your devices (computer, phone or any other device on your network) to check for malware, viruses or trojans that might steal the passwords.

Two-factor Authentication - 2FA

Enable Two-Factor Authentication - 2FA for your account. 2FA is available using an authentication app or SMS and can be enforced for all team members.

Check everything is up to date

Ensure all of your software, mailing clients, applications, and devices are up to date with the latest versions.   


After resolving the issue, continue to monitor sending activity and account use. If any further suspicious activity occurs, contact our support team who will help to investigate further.   


Best Practices for Account Security

Strong Passwords

Ensure all team members set strong and unique passwords that are not easily guessable. You can make use of services such as LastPass, 1Password or other password generators, which are great ways to create and store secure passwords. Additionally, ensure all passwords for SMTP Users are strong.

Two Factor Authentication - (2FA)

It is highly recommended you enable 2FA for your team members as it is the most secure way to lock your account down from unauthorized access. 2FA can be enforced so it is mandatory for all team members. View our Two-Factor Authentication - 2FA article for more information.
If 2FA is not enabled and someone tries to access the account from an untrusted device, an email will be sent to the account owner notifying them of the attempt and they will need to click the link in the email to authorize the login if it is legitimate. 

Don't share login credentials

Add team members to the account via the "Account > Edit Team" page so they have their own login credentials instead of all making use of one combination. Team members can be set with specific permissions including Owner, Admin or Report only access. Our Team Setup article covers more information.

Further features to secure sending through your account

Restrict Senders or Recipients
Enable the Restrict Senders or Recipients features to allow or disallow certain senders (email addresses or domains) or list recipients (email addresses or domains) who can receive emails sent via your account.

IP Allowlist
Enable the IP Allowlist feature so you can restrict sending via your account to only be allowed from authorized IP addresses.

Avoid accessing your account from untrusted devices

Don't access your account from untrusted devices as you never know if they are infected or could save your login credentials. If you have to use a different device, ensure you log out of your SMTP2GO account when finishing your session. 

Make use of Webhooks

Use SMTP2GO's Webhooks feature to keep you up to date and notify you if there are unexpected increases in spam complaints or bounces. It will allow you to investigate as soon as the account's usage doesn't appear normal.
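
The kind of check a webhook receiver could run over incoming events is sketched below as an added example (not SMTP2GO's code). The event shape (`time` in epoch seconds, `event` as "delivered", "bounce" or "spam") and the thresholds are assumptions, and the sample data is constructed.

```python
from collections import deque

# Hypothetical limits; tune them to your own sending baseline.
THRESHOLDS = {"bounce": 0.05, "spam": 0.001}

def detect_spikes(events, window=3600, min_volume=50, thresholds=THRESHOLDS):
    """Return [(time, kind, rate)] for each moment a bounce or complaint rate
    first rises above its threshold within a sliding `window` of seconds."""
    recent, alerts, alerting = deque(), [], set()
    counts = {"delivered": 0, "bounce": 0, "spam": 0}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["event"] not in counts:
            continue  # ignore opens, clicks and anything else
        recent.append(ev)
        counts[ev["event"]] += 1
        # Expire events that have fallen out of the window.
        while recent and recent[0]["time"] <= ev["time"] - window:
            counts[recent.popleft()["event"]] -= 1
        total = sum(counts.values())
        if total < min_volume:
            continue  # too little traffic for a meaningful rate
        for kind, limit in thresholds.items():
            rate = counts[kind] / total
            if rate <= limit:
                alerting.discard(kind)      # back to normal, re-arm
            elif kind not in alerting:
                alerting.add(kind)          # alert once per excursion
                alerts.append((ev["time"], kind, round(rate, 4)))
    return alerts

def sample_events():
    """Constructed data: a quiet hour, then a burst of 100 messages in 100 s."""
    quiet = [{"time": i * 18, "event": "bounce" if i % 100 == 0 else "delivered"}
             for i in range(200)]
    burst = [{"time": 4000 + j,
              "event": "spam" if j % 40 == 39 else "bounce" if j % 2 == 0 else "delivered"}
             for j in range(100)]
    return quiet + burst

if __name__ == "__main__":
    for when, kind, rate in detect_spikes(sample_events()):
        print(f"t={when}s {kind} rate {rate:.2%} exceeded threshold")
```

The `min_volume` floor keeps a single bounce on a low-traffic account from raising an alert.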

Regularly scan your devices for viruses/malware and ensure the software you use is up to date

It is useful to periodically complete scans on all of your computers and devices you use to mitigate the potential of being infected with a virus, malicious software or trojans. Also, keeping your software up to date will help ensure you're using the most secure and recent version.


If you have questions or need assistance, please feel free to contact our award-winning support team via email ticket, live chat or phone.