Solved

My email had been spoofed!!! Someone is sending emails in my name!

  • 21 October 2023
  • 1 reply
  • 214 views

Badge +2

Yesterday we started receiving tons of reply emails requesting to unsubscribe from our list. The original email appears like our own, but it wasn’t! we’re a fashion brand, and the email was all about a mobile survey (“Stay Ahead of the Game”). If it helps,the address in the bottom wasn’t ours but this one, which i later found in spam lists: a9101 W. Sahara Ave, Las Vegas, NV 89117. 

We have a huge 300K list, which we collected with hard work and a lot of respect for our clients. We can’t start fresh, we have to fix this. 

Klaviyo support is offline due to the weekend, but it’s urgent!!!!

  1. How can i secure my email address?
  2. how can i know that it won’t repeat? 
  3. Is there any way to find the origin of this hacking? what happened that compromised our account?

Thank you

icon

Best answer by bluesnapper 21 October 2023, 18:32

View original

1 reply

Userlevel 6
Badge +35

Hi @ofrika 

So sorry to hear this. Incredibly stressful and upsetting for you!

I don't work for Klaviyo but I'll try to help with some things to consider.

It's often the case that spammers will spoof the email to look like it's being sent from your email when it is not. Or they may have hacked your email systems outside of Klaviyo. Have you contacted the ISP who hosts your email to look into this?

Have these campaigns been sent from your Klaviyo account? You mention that lots of unsubscribes have been replyto which is unusual behaviour if there's an unsubscribe link in the email - Klaviyo won't send emails without one being included - and most people will unsubscribe via that link. 

Have you checked if the replyto emails you've received are contacts that you have in Klaviyo? I ask as the spammer may have used lists they have obtained elsewhere.

If you believe your Klaviyo account has been hacked, change all user passwords immediately and, if not done so already, enable  2 factor authentication. With that enabled, even if someone obtains your Klaviyo login credentials they won't be able to gain access to your account.

Hopefully you'll get a response from Klaviyo here or via their tech support soon.

Regards

Andy

Reply