We are aware of an ongoing phishing email attack targeting some Postmark customers. We have no reason to believe that Postmark was compromised. However, you may have been a target of this attack.
If you clicked on a link in an email to log in or to pay in the last 12 hours, and are unsure of the validity of those actions, please directly visit your Postmark account and perform the following actions to ensure your account is secured:
1. Change your password
2. Rotate your API keys
3. Enable 2-factor authentication
Please carefully inspect any links in emails that appear to be from Postmark in order to verify the validity of the contents. Links to Postmark will only lead to the Postmark app domain, and any links you follow will have valid SSL certificates (look for “https” in the address and a lock symbol in your URL bar). If you are otherwise unsure, do not click on any links received from emails that look like they came from Postmark in the past 12 hours.
We have not included any links in this email.
If you need further assistance, please contact our support team by clicking “Support” on the Postmark website.
More details to come.