With the increase of phishing attacks happening across the entire email industry, many phishing attempts using Mailjet’s brand have been detected.
Phishing is a fraudulent attempt by attackers to steal your personal information such as login credentials and credit card details by sending an email impersonating a known or familiar business. Although the email appears real with the company's logo, design and branding, it can contain links to fake websites or include attachments that can install malware on your device.
Here is a real example of a phishing email attempt using the Mailjet brand:
Phishing attacks can either come from an external source (not from Mailjet) or from a hacked Mailjet user account (compromised accounts or websites). The root cause of a hacked account is not a result of a security breach within the Mailjet platform but instead too few security measures implemented by the user on their side (recycling passwords, sharing API Key details, not setting 2FA …)
Here is a real example of a phishing email attempt using the Mailjet brand:

Phishing attacks can either come from an external source (not from Mailjet) or from a hacked Mailjet user account (compromised accounts or websites). The root cause of a hacked account is not a result of a security breach within the Mailjet platform but instead too few security measures implemented by the user on their side (recycling passwords, sharing API Key details, not setting 2FA …)
What are common signs of a phishing email?
- The email will create a sense of urgency by stating an issue that needs immediate action otherwise your account will be closed or experience a service disruption.
- The email asks you to confirm personal information such as login credentials or banking details.
- It is poorly written, contains grammatical mistakes, has an incorrect salutation or generic greeting.
- The URLs in the email may look similar to the business website but have slight misspellings or extra subdomains. For example, the legitimate app.mailjet.com link may appear as app.mailjet-com.login in a phishing email.
- Receiving an unsolicited email that asks you to download an attachment. (The attachment may contain an embedded script that is executed upon download, giving the attacker access to your machine and all your passwords saved in your browser.)
What to do if I have clicked on a link in a phishing email or downloaded an attachment?
If you have clicked on a link or downloaded an attachment, that usually means that your account has been already compromised. In those cases, follow the steps below:
If you receive a suspicious looking email, do not click any links or download any attachments. Please report it by sending it to abuse@mailjet.com and then delete the email.
If you have any additional questions or concerns about phishing emails, please contact our Support Team.
- Reset your secret API Key(s) on all of your accounts (https://app.mailjet.com/account/apikeys). For more information, please read our Reset my Secret Key FAQ.
- Reset your Mailjet account password to a new, stronger password. Do not recycle passwords or re-use passwords from other online accounts.
How to protect yourself from a phishing attack?
- Always ensure you are on app.mailjet.com when you log into your Mailjet account.
- Do not disclose any personal or sensitive information via email. If Mailjet should ever need any information, we will contact you via our platform.
- Change your Mailjet password regularly.
- Never share your API Key information.
If you receive a suspicious looking email, do not click any links or download any attachments. Please report it by sending it to abuse@mailjet.com and then delete the email.
If you have any additional questions or concerns about phishing emails, please contact our Support Team.