Steps To Take After Your Office 365 Account Is Compromised

In our recent article, Office 365 Attacks On The Rise, How To Reduce Your Risk , we talked about the recent trend toward compromised Office 365 attacks and how to make yourself less of a target.  But, what if you think your Office 365 account has been hacked?  Maybe you are seeing ‘rules’ in Outlook that you didn’t create.. or Sent Items you didn’t send.. or hearing from people that you are sending them Skype messages about needing money.  Here are the immediate steps to take, and some thoughts from ESG on a good long-term plan to prevent re-infection.

What do I do first if my Office 365 account is possibly hacked?

1. Deep scan for malware on your laptop, desktop, and mobile devices.
2. If possible, remove your e-mail account from any mobile devices and/or ask your Office 365 manager (like us ESG or a reseller or even Microsoft if you can reach them) to help you disable any remote access to your mail while you sort this issue out.
3. Check for and remove unwanted Outlook add-ins, rules, and browser extensions.  This is critical to do BEFORE you start changing passwords because if the hacker can see your e-mail, they can get potentially intercept the new password reset requests you are making.
4. Reset all affected passwords – your Office 365 account, your Apple/google password, your banking/credit card password, and anything that uses the same password as your email account.  Do not re-use passwords going forward!  Think about LastPass or similar.
5. Enable multi-factor authentication on your Office 365 account and your banking/business logins if possible.  Watch for any suspect attempts.

What do I do after I get the first steps completed?

1. If you have any reason to think the hacker was sending e-mails, instant messages, or texts as you, let your contacts know that your e-mail might be compromised and to CALL YOU instead of e-mailing if they get any odd requests or financial correspondence from you.
2. Check with Verizon/AT&T or the local Apple Store about your phone’s security and health.
3. Contact ESG about getting LastPass setup for yourself or your whole business.  It has benefits besides just safely keeping all your passwords.
4. Ask us about ways to add enterprise-class anti-virus/anti-malware to all your systems including mobile devices.
5. Watch your accounts for anything suspect.. and check your rules, Deleted Items, Junk Mail, and Sent Items very carefully for any signs of tampering or messages/rules you did not create.  Hackers sometimes wait days or even weeks before trying to regain access.
6. Check your OneDrive and/or SharePoint storage for suspect files or any shared files/links.  Microsoft does a poor job of virus protection and will allow infected files to continue to be shared long after you have regained control of your Office 365 account.