Given the right situation a spammer can sometimes figure out your email password and with that information, they can log into our server and, as an authenticated user, send many spams out through our server, using your email account. If this happens, DigiSage will change your email password, and sometimes also change your cPanel password (just in case you had them set the same).
Before you log into cPanel to change your email password, you should try to determine how the spammer was able to get your password. Here are some possibilities:
- The email account may have been using the same password as is being used on another website that may have been hacked. Check your password(s) here: https://haveibeenpwned.com/Passwords -- if you find your password(s) are in this database, please do NOT use them ever again, and any websites that use them, should have their passwords changed immediately.
- Maybe your password was easy to guess. Make your next password something harder to guess but still easy for you to remember.
- The email account may be on a phone or laptop or other mobile device that is not using SSL to encrypt your password when checking mail. This would allow the bad guys to view your password when you check mail using an open Wi-Fi hot spot. You should change mobile devices to use SSL for incoming and outgoing email. Here are the SSL port numbers to use.
- The computer used to check this email account may have Malware or a Trojan Horse on it, which may be capturing your usernames and passwords and sending them to the bad guys. We HIGHLY suggest installing and running the FREE version of MalwareBytes Anti-Malware software on any computer used to check this email account, to see if the machine is infected. It works best if you reboot your computer into SAFE MODE first, then run a FULL SCAN using this software to detect and remove any malware it finds.