RyanTech Blog

News and Insights

What to Do If Your Office 365 Account is Hacked

We get this question all the time: "I think my account is hacked. What should I do?!?" Breached accounts are becoming more and more frequent as hackers find new ways to gain access. It's extremely important, now more than ever, that companies take this seriously and put measures in place to prevent breaches from happening. But what if you don't have anything in place now and are not sure where to start? Let's take a look at the signs of an account breach, how to fix one, and how to prevent them going forward.

Breaches can come in many different forms, and hackers want to go as long as possible without the user realizing their account has been stolen from them. This is why it's crucial for users to know what to look out for, so they can stop a breach before it goes too far. Here are a few signs that you may need to take action for a breach:

  1. Unusual Mail Routing - If all inbound mail is going into certain folders that are atypical for a user's mail flow, that could be a sign of a breach. For example, if a user starts to see all mail going into the Junk folder, it may be time to take action.
  2. Emails Sending From Account - A lot of times, hackers will gain access and start sending emails from that user's account to all of the contacts. This is an attempt to make an email look legit and gain credentials from your contacts. If you start to see multiple emails being sent from your mailbox that you are not sending, ALERT!
  3. Inability to Send Outbound Mail/Non-deliverables - When Microsoft sees multiple suspicious emails coming out of a mailbox in a very short period of time, they will flag the account and that user will not be able to send at all. This goes in conjunction with item #2 above, and the flag needs to be removed before sending mail again. 
  4. Foreign or Unusual Sign-in Activity - There are tools that can be used to monitor sign-in activity and they are perfect for detecting breaches. A lot of times, there will be international sign-in attempts on an account and this could be a big sign of a breach. Typically, we can trace this back to a general region or VPN provider, but if we see this, we will take action right away.

Now that we know what to look for and the clues that an account may be breached, what do you do to get the account secure again? There are many things that can be applied to an account, along with staying aware of what's going on with your profile. Here are some simple things that can be done to help secure the account and prevent further breaches:

  1. Reset Account Password - This is a big one. Resetting the password is the absolute first thing that should be done. The reason the hacker has access in the first place is because he gained access to the password, so resetting it will ensure that he does not have access anymore. It's important to note that in the event of a breach the new password should be vastly different than the old one.
  2. Sign Out of All Sessions - This is something that is overlooked, but to completely ensure that the hacker does not have access to anything, all sessions need to be ended.
  3. Check Mailbox Rules - Most of the time, hackers will apply specific rules on the account to break the mail flow. We see this VERY often and it always needs to be looked at when fixing a breached account.
  4. Check Mail Forwarding - By default, Microsoft has Mail Forwarding turned off, but it is very important to check this with a breached account. A lot of times, hackers will enable this feature on the account to send all mail straight to their account while the user has no idea.
  5. Enable Multi-Factor Authentication (MFA) - MFA is becoming the norm when it comes to email security and should be adopted everywhere. This would stop most hackers in their tracks and ensure that identity is verified upon each sign-in attempt by sending a secure code to the actual account owner.
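
Steps 2 through 4 above can be carried out from PowerShell. The following is an added example, not part of the original post. It assumes the ExchangeOnlineManagement and Microsoft Graph PowerShell modules are installed and an administrator is signing in; `user@example.com` is a placeholder for the affected mailbox.

```powershell
# Added example: review a breached mailbox for session, rule and forwarding abuse.
# Assumption: user@example.com is a placeholder; replace it with the affected user.
$User = 'user@example.com'

Connect-ExchangeOnline
Connect-MgGraph -Scopes 'User.ReadWrite.All'

# Step 2: sign out of all sessions. Do this after the password reset so
# existing refresh tokens can no longer be used to stay signed in.
Revoke-MgUserSignInSession -UserId $User

# Step 3: list inbox rules that forward, redirect, delete or move mail.
# These are the actions that break mail flow or hide messages from the user.
$suspectRules = Get-InboxRule -Mailbox $User | Where-Object {
    $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo -or
    $_.DeleteMessage -or $_.MoveToFolder
}
$suspectRules | Format-List Name, Enabled, Description,
    ForwardTo, ForwardAsAttachmentTo, RedirectTo, DeleteMessage, MoveToFolder

# Step 4: check mailbox-level forwarding, which is separate from inbox rules.
$mbx = Get-Mailbox -Identity $User
$mbx | Format-List ForwardingSmtpAddress, ForwardingAddress, DeliverToMailboxAndForward

if ($mbx.ForwardingSmtpAddress -or $mbx.ForwardingAddress) {
    Write-Warning "Forwarding is enabled on $User. Confirm with the user before keeping it."
}

# After confirming with the user that a rule or forward is not theirs,
# disable it. Uncomment and fill in the rule name from the output above.
# Disable-InboxRule -Mailbox $User -Identity '<rule name>'
# Set-Mailbox -Identity $User -ForwardingSmtpAddress $null `
#     -ForwardingAddress $null -DeliverToMailboxAndForward $false

Disconnect-ExchangeOnline -Confirm:$false
```

Rules that the user recognizes (for example, a legitimate move-to-folder rule) will also appear in the output, so review each one with the account owner before disabling anything.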

In today's world, it's getting easier and easier for bad actors to gain access to innocent users' accounts, so it is imperative to have processes and tools in place to stop them. With the proper tools, knowledge and experience, hackers can be a thing of the past in your organization and you can have peace of mind. It's always smart to be preventative as opposed to reactionary when it comes to your organization's Office 365 accounts and the sensitive data within them, so reach out to us and we can help get you as secure as possible.

For preventing unwanted access to accounts, we recommend looking at Cloud Protect to detect breaches and have our team of security experts review your account alerts: ryantechinc.com/landing/cloud-protect
