Secure a compromised mailbox

Symptoms of a compromised mailbox


If any of these symptoms apply to you, take immediate steps to secure the mailbox:

  • You have started receiving bounce messages for emails that you never sent.
  • You notice emails that are unfamiliar.
  • Your password has been changed.
  • Colleagues or friends report receiving messages from you that you never sent.
  • Forwarding rules have been added that you did not create.
  • Your reply-to address has been changed.
  • You received an email from Rackspace informing you that your mailbox has been disabled.

Risk factors


Avoiding the following factors is a small inconvenience compared to the potential damage caused by a successful mailbox compromise. If you find that any of these factors apply to you, you should take immediate steps to secure your mailbox.

  • Weak or moderate strength passwords
  • Delaying software updates
  • Clicking links from unverified sources
  • Clicking links without verifying their authenticity. Even links from what appears to be a trusted source can easily be a trick to gain access to your account.
  • Accessing your account from a public computer, such as those in libraries or hotels. If a computer is used by strangers all day, you should assume that it is unsafe to access your mailbox from it.
  • Accessing your account over public WiFi.

Secure a mailbox that has been compromised

Take the following steps to secure a mailbox that has been compromised:

Immediately change the password to the mailbox.

Locking out those who have compromised the mailbox is the top priority. The longer a bad actor has access to your account, the more damage can be done. When crafting a new password, review Password management and best practices. Enabling Multi-Factor Authentication will help increase the security of your mailbox.

Scan all devices for viruses and malware.

Malware and viruses can gather the information that you enter through your infected device. If you scan your devices and find an infection, you need to change your password for a second time after you have removed the malicious software. Otherwise, your mailbox information could already be in the hands of a hacker.

If the mailbox was disabled by Thexyz, follow these instructions to restore mailbox access.

Warning: Do not restore access until after you have changed the mailbox password and scanned all devices for malicious software.

Alert your colleagues and coworkers. If you are not the administrator for your company, you should alert your administrator immediately.

It is better to raise the alarm and protect everyone’s information than to risk the compromise growing beyond your mailbox.

If a message was the source of the compromise, blocklist its return-path and originating IP. Usually, the message contained a suspicious link or asked you for account information.

The View and read Thexyz Email headers article shows how to identify the return-path and originating IP of the malicious email.

Educate your users about the risk factors and symptoms of a compromised mailbox.

Email attacks are a constant threat that users and admins should be prepared for at all times.
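
For the blocklisting step above, this added example (not part of the original article and not Thexyz tooling) reads a message's raw headers and returns the return-path and the sender IPs to consider for a blocklist. The sample headers are constructed with documentation-range IPs, and the names external_ips and blocklist_candidates are hypothetical.

```python
import ipaddress
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample headers: documentation-range IPs and example domains only.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx1.mailhost.example (mx1.mailhost.example [10.0.0.5])
\tby store1.mailhost.example with LMTP; Tue, 02 Jan 2024 10:00:03 +0000
Received: from relay.example.net (relay.example.net [203.0.113.45])
\tby mx1.mailhost.example with ESMTPS; Tue, 02 Jan 2024 10:00:02 +0000
Received: from [192.168.1.20] (unknown [198.51.100.7])
\tby relay.example.net with ESMTPSA; Tue, 02 Jan 2024 10:00:01 +0000
"""

INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
BRACKETED = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def external_ips(received):
    """Return the non-internal IPs in the 'from' clause of one Received header."""
    from_clause = re.split(r"\sby\s", received, maxsplit=1)[0]
    found = []
    for text in BRACKETED.findall(from_clause):
        try:
            ip = ipaddress.ip_address(text)
        except ValueError:
            continue  # bracketed text that is not an IP literal
        if not any(ip in net for net in INTERNAL):
            found.append(str(ip))
    return found


def blocklist_candidates(raw_headers):
    msg = message_from_string(raw_headers, policy=policy.default)
    # Received headers are listed newest first; keep only hops with an external IP.
    hops = [ips for h in msg.get_all("Received", []) if (ips := external_ips(str(h)))]
    return {
        "return_path": parseaddr(str(msg.get("Return-Path", "")))[1],
        # Recorded by the receiving provider's own server: the dependable value.
        "connecting_ip": hops[0][-1] if hops else None,
        # Written by the sending side, so it can be forged; treat it as a hint.
        "claimed_origin_ip": hops[-1][-1] if hops else None,
    }


print(blocklist_candidates(SAMPLE))
```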
