Security alert: Phishing attempt on FastMail users

Over the weekend, we detected a phishing attempt against FastMail users. Phishing is where someone sends you an email claiming to be from a FastMail administrator, and asking you to reply with your username and password.

We will never send you an unsolicited email asking you for these details, and you should never respond to these emails, you should just delete them.

When a phishing attempt like this occurs, we quickly take steps to try and block any more of the emails entering our system, and also block any attempts to reply to the emails. We also check our logs to see if any users did reply to the email, and contact those users to let them know that the email was a fraud, and if they sent their password, they should immediately change it.

FastMail’s outgoing servers have a good sending reputation, and spammers and scammers would like to take advantage of that. We have many processes in place that block spammers and scammers from signing up, so sometimes they’ll try and steal account details from existing users, which is what these phishing emails are trying to do.