What to Do When Your Office 365 Account Is Compromised

You may suspect that your Office 365 account has been hacked because of signs like these:

You're seeing changes in email settings, i.e. 'rules' in Outlook that you didn't create,
or messages in Sent Items which you didn't send,
or requests to change account details,
or you are hearing from your contacts that you are sending them messages about money.

Here are the immediate steps to take:

Deep scan your computer and mobile devices for viruses and malware.

Check and remove any unwanted Outlook add-ins, rules, and browser extensions.

Reset the account password, and also change every password associated with the compromised account, such as bank, credit card, Google, or anything else that uses the account. Do not reuse passwords; use a passphrase instead.

Enable multi-factor authentication on your account. Get more information on Multi-factor and 2-Factor Authentication and why you should care.

Enable auditing and watch for any suspicious attempts. See: Steps to Enable mailbox auditing in Office 365.

Have a close look at your OneDrive / SharePoint storage for suspicious files or any shared files/links. Also check email folders such as Deleted Items, Junk Mail, and Sent Items very carefully, and if you find anything suspicious or unwanted, remove it.

Start using good email filters to cut down on spam.

Configure SPF, along with DKIM and DMARC, to protect the account from spoofing and phishing attacks. Here is an article for Best Practices to Avoid Email Phishing Attacks.
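
For administrators, the rule review and auditing steps above can be done from Exchange Online PowerShell. This is an added example, not part of the original article; it assumes the ExchangeOnlineManagement module is installed, that you sign in with an Exchange administrator account, and that `user@example.com` is a placeholder for the affected mailbox.

```powershell
# Added example: review one mailbox for rules and forwarding the owner did not create.
# Assumption: 'user@example.com' is a placeholder for the affected mailbox.
$Mailbox = 'user@example.com'

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

# 1. Inbox rules that forward, redirect, delete, or file mail away.
#    Rules that only move mail to a folder are often legitimate, so review before acting.
$suspectRules = Get-InboxRule -Mailbox $Mailbox | Where-Object {
    $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo -or
    $_.DeleteMessage -or $_.MoveToFolder
}
$suspectRules |
    Format-List Name, Enabled, Description, ForwardTo, ForwardAsAttachmentTo,
                RedirectTo, DeleteMessage, MoveToFolder

# 2. Forwarding set on the mailbox itself, which does not show up as an inbox rule.
$mbx = Get-Mailbox -Identity $Mailbox
$mbx | Format-List ForwardingSmtpAddress, ForwardingAddress,
                   DeliverToMailboxAndForward, AuditEnabled

# 3. Turn mailbox auditing on if it is off, so later activity is logged.
if (-not $mbx.AuditEnabled) {
    Set-Mailbox -Identity $Mailbox -AuditEnabled $true
}

# 4. Show which rules would be disabled. -WhatIf makes no change; remove it only
#    after confirming with the mailbox owner that the rule is not theirs.
#    Disabling instead of deleting keeps the rule available for later review.
foreach ($rule in $suspectRules) {
    Disable-InboxRule -Identity $rule.Identity -Mailbox $Mailbox -WhatIf
}

Disconnect-ExchangeOnline -Confirm:$false
```

Run the rule check again after the password reset and MFA enrollment to confirm nothing has been re-created.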