When you log in to the Admin Panel, on the Home page, you might see this warning message:
New security incidents detected. Click here to check the Security page.
This happens when we detect suspicious logins from more than one location for one of your Users.
Click on the error message to go to the Security Incidents page and review each case.
To review the security incidents:
The User's account was compromised and an attacker is sending emails on his behalf or accessing the contents of his emails. This might happen if the User doesn't use a strong password, has malware installed or accessed his account from an insecure location / device and threat actor intercepted their password.
Some applications that the User has setup will access the contents of his emails from different servers which will trigger the suspicious login warning. You should inform the customer that the application has full access to their mailbox and make sure to read their Terms & Conditions about data processing.
If the User is comfortable with the app having access to their data, you can follow the steps to Mark IP as Safe.
Some examples of such applications include:
A legitimate case is when the User is traveling and is logging in from new locations.
The User is accessing the service using a mobile connection that keeps renewing the IP.
In case of legitimate use, the IPs can be marked as safe and will not trigger the Security Incident warning anymore.
To mark an IP as safe: