So you just got a call from one of your clients telling you that they received a strange e-mail from you with an attachment. You know you haven't e-mailed them in days. What could be going on? You check your sent mail folder and to your surprise there are hundreds of sent messages to everyone in your contact list. Uh oh, your Office 365 account has been hacked!
How did this happen? How do you fix it? And how do you stop it from happening again?
How to know if your account has been compromised
With the increased popularity and usage of Office 365 also comes the increased targeting of these accounts by hackers. It doesn't take a master level hacker to figure out how to get into your account either. Most accounts are compromised because of insecure passwords or phishing attacks. Phishing attacks will typically be e-mails that come in and pretend to be someone else. It might be an e-mail masquerading as Microsoft that redirects you to a fake Microsoft login page. As soon as you put in you credentials, they have the keys to your account.
Below are a few things that might indicate that your account has been compromised:
- You are not getting new e-mail - further investigation will typically show that an Outlook rule is forwarding your mail to an outside address and/or the deleted items folder
- You have suspicious mail in your Sent mail folder that you did not send
- You have an out of office auto-reply turned on that you did not set up
Stop the bleeding
So you know, or suspect, you've been hacked, what do you do now? First thing should be to reach out to your IT department. Most of the remediation steps should be done by a professional and many require administrative rights to do. But for those in IT, here is what you'll want to do:
- Reset the user's password with a secure, complex password
- Disable any forwarding rules and rules that move files to deleted items
- Remove mailbox delegates
- Enable auditing on the mailbox
- If there is any way the user had other passwords stored in their mailbox, all account passwords should be reset (ie. other accounts that user had access to like a bank account, etc.)
Microsoft has released a PowerShell script that can be run against the account that automates a good portion of this process. It can be found here: https://blogs.technet.microsoft.com/office365security/how-to-fix-a-compromised-hacked-microsoft-office-365-account/
Prevention is better than damage control
No one wants to be hacked so whether you've already had it happen to you or you want to stop yourself from being a future victim there are several things you can do to reduce your risk.
- Ensure that you use complex passwords that are at least 8 characters long, use uppercase and lowercase letters, use special characters and make sure you don't reuse the same password over and over again.
- Enable multi-factor authentication: Office 365 includes multi-factor authentication that will require not only your password but also access to a mobile app or text message to confirm that you are really who you say you are. While this does add an additional step to the login process, it prevents anyone who may have your password from getting into your account.
- Advanced Threat Protection: An add-on to Office 365 that scans attachments and e-mail links for malicious content. It also helps identify potential phishing and spoofing scams.
- Advanced Security Management: Another Office 365 add-on that provides advanced security reporting and alerting. One key feature is anomalous account activity detection. This allows alerts to go out if your account has suspicious login activity, like logging in from another state or country.
- Security Training: The best user is an educated user. Regular IT security training will greatly benefit any company so users know what suspicious emails or websites to avoid and what to do if they think there is a risk.
In today's IT world, security is a balancing act between convenience and protection. The true cost of a security breach should definitely tip the scales on the side of security.
For additional information on how you can protect yourself from these threats, please reach out to us at [email protected] or 800.796.4854.
Beringer Technology Group, a leading Microsoft Gold Certified Partner specializing in Microsoft Dynamics 365 and CRM for Distribution. We also provide expert Managed IT Services, Backup and Disaster Recovery, Cloud Based Computing and Unified Communication Systems.