Phishing attacks are a common threat in today’s digital landscape. Online scammers often impersonate trusted brands like ActiveCampaign to trick you into revealing your login credentials or other sensitive information.
This article aims to help you protect your ActiveCampaign account by learning to identify phishing attacks with real examples of scams impersonating ActiveCampaign.
Red flags: how to identify phishing attempts
Use this checklist any time you receive an email about your ActiveCampaign account (or any online service).
1. The sender address doesn’t match
Legitimate ActiveCampaign emails always come from @activecampaign.com addresses.
In one scam, the sender address was:
- support@activecampalgns.com (notice the subtle misspelling - a clear indicator that it’s not from us)
What to check:
- Look at the full email address, not just the display name. Scammers can make the display name say “ActiveCampaign” while using a completely different domain
- Be suspicious of domains that add extra words, letters, or unusual country codes
2. Artificial urgency and threats
Scammers often try to create panic so you react quickly without thinking. They may say things like:
- “You must sign in within 48 hours to avoid deactivation”
- “Your account will be limited unless you verify immediately”
While ActiveCampaign may occasionally send time‑sensitive communications, we will not threaten immediate account suspension without prior notice through official communication channels.
3. Generic or inconsistent greetings
Phishing emails frequently use broad, non-personal greetings like “Hi” or “Dear user” and may not reference your name or account at all.
Legitimate communications from ActiveCampaign typically:
- Address you by name, or
- Reference specific account information, such as your organization or plan
4. Suspicious links and buttons
Phishing emails almost always try to get you to click a link or button that leads to a fake login page designed to steal your credentials.
What to do before you click anything:
- Hover your mouse over links and buttons to see the actual URL. If you are on mobile, press and hold a link to review the URL before tapping
- Confirm that the link points to activecampaign.com (and not a misspelling or lookalike domain)
- Be wary of shortened URLs or domains you don’t recognize
If something looks off, do not click.
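The sender check from item 1 and the link check from item 4, automated as an added example (not ActiveCampaign's own tooling): it reads the domain from the From address rather than the display name, then classifies that domain and every link host against activecampaign.com. The function names, the edit-distance threshold of 2 and the sample HTML are assumptions made for this example.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED = "activecampaign.com"  # the only legitimate domain the article names

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of TRUSTED."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_domain(host):
    """Return 'trusted', 'lookalike' or 'other' for a host name."""
    host = host.lower().rstrip(".")
    if host == TRUSTED or host.endswith("." + TRUSTED):
        return "trusted"
    # Simplification (assumption): treat the last two labels as the registered domain.
    tail = ".".join(host.split(".")[-2:])
    # Near-miss spelling, or the brand name embedded in a longer domain.
    if edit_distance(tail, TRUSTED) <= 2 or "activecampaign" in host:
        return "lookalike"
    return "other"

def check_message(from_header, html_body):
    """List (where, domain, verdict) for each sender/link domain that is not trusted."""
    # Use the address itself; the display name is free text and proves nothing.
    _display, addr = parseaddr(from_header)
    hosts = [("sender", addr.rpartition("@")[2].lower())]
    for url in re.findall(r'href=["\']([^"\']+)["\']', html_body, re.I):
        host = urlsplit(url).hostname  # None for mailto: and relative links
        if host:
            hosts.append(("link", host))
    return [(where, host, classify_domain(host)) for where, host in hosts
            if classify_domain(host) != "trusted"]

# Constructed sample: the sender address is the one quoted in the article;
# the HTML body and its second link are made up for this example.
SAMPLE_FROM = "ActiveCampaign Support <support@activecampalgns.com>"
SAMPLE_HTML = ('<a href="https://www.activecampaign.com/security">Security</a>'
               '<a href="https://login.activecampalgns.com/verify">Sign in now</a>')

if __name__ == "__main__":
    for finding in check_message(SAMPLE_FROM, SAMPLE_HTML):
        print(finding)
```

A From header can be forged, so a "trusted" sender verdict only means the visible address passed this check.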
5. Requests for passwords or sensitive information
ActiveCampaign will never ask you for your password via email, even in a support context.
Treat as highly suspicious any email that:
- Asks for your password or MFA code
- Asks you to “verify” your account by replying with sensitive information
An example
At first glance, this email looks legitimate—but there are multiple red flags that reveal its true nature.
- ActiveCampaign is hyphenated, and the hyphenation is inconsistent
- There is an urgency to the tone: “...subscription is set to expire soon.”
- When you hover over the button, the URL is likely to point to a misspelled domain
What ActiveCampaign will never do
Understanding our legitimate practices makes it much easier to spot fakes. ActiveCampaign will never:
- Threaten to deactivate your account without prior communication through official channels
- Send critical account security notifications from non‑ActiveCampaign domains
- Ask you to click a link in an unsolicited email to “verify” or “secure” your account
- Ask for your password or other login credentials by email
If you see any of these behaviors, assume the message is not from us.
What to do if you receive a suspicious email
Do not interact with the fraudulent email. Don't click links, don't download attachments, and don't reply.
Verify independently.
- Open a new browser tab and type activecampaign.com directly into the address bar.
- Log in to your account from there—never from a suspicious email link.
- Check your in-app dashboard for any alerts or required actions. If it’s legitimate, you’ll see it there.
Report it to ActiveCampaign. Forward the suspicious email to help@activecampaign.com so our team can investigate and, if necessary, warn other customers.
Delete the email. After reporting, delete it from your inbox (and from trash/junk if needed).
If you have entered credentials and fear your account may be compromised, follow the steps below and/or report to abuse@activecampaign.com.
- Reset your account login.
- Rotate API keys.
- Audit logins/current sessions.
- Ensure MFA is enabled.
If you reused those credentials in other locations, rotate them as well, in line with security best practices.
These habits protect not only your ActiveCampaign account but also your broader digital identity.
More best practices to combat phishing
In addition to spotting and reporting suspicious emails, incorporating the following best practices into your day‑to‑day helps reduce your risk:
- Enable multi-factor authentication (MFA) on your ActiveCampaign account and other critical services, using an authenticator app where possible. We strongly encourage MFA for all users on your account.
- Use strong, unique passwords for your ActiveCampaign login and never reuse passwords across services
- Keep your browser and operating system up to date to benefit from the latest security protections
- Train your team—share this guide with colleagues and include phishing awareness in your onboarding and ongoing enablement
- Use your email client’s spam/phishing reporting tools to help block similar messages in the future
- Use a password manager to store and auto-fill your login credentials. Unlike humans, password managers won't auto-fill on lookalike domains — making them an effective passive defense against phishing sites
How ActiveCampaign communicates real security updates
When ActiveCampaign needs to share important security information or request account actions, we use trusted channels and transparent communication.
You can expect:
- Notifications in your ActiveCampaign dashboard after you log in directly at https://activecampaign.com
- Emails sent only from verified @activecampaign.com addresses
- Reasonable timeframes for any required actions
- Clear, detailed explanations of why we are requesting the action
For any urgent or critical security update, you’ll always be able to see corresponding information inside your account, not just in your inbox.
Stay vigilant, stay protected
Email phishing remains one of the most common tools used by cybercriminals, but with the right habits, you can significantly reduce your risk.
- When in doubt about an email, go directly to the source by logging into ActiveCampaign from your browser instead of clicking email links
- If the request is legitimate, you’ll see it in your account dashboard
- If you’re still unsure, contact our team through your ActiveCampaign dashboard—we’re here to help verify any communication you receive
To learn more about how we protect your data, visit activecampaign.com/security.