Has My Office 365 Account Been Compromised? (Telltale Signs & What to Do)

Office 365 Account Compromised

Whenever a particular technology becomes popular, it also becomes a big target for hackers. Microsoft Office 365 is the most used cloud platform in the world, which has led to an alarming rise in account takeover (ATO) attacks in 2019.

According to Barracuda Networks, there has been a marked increase in hackers stealing login credentials and using a person’s Office 365 account for nefarious reasons. Their own data suggests that as many as 29% of organisations have become victims of ATO attacks on their Office 365 accounts.

Without proper Office 365 support and services, this is unfortunately becoming all too common a problem.

Once a single credential is stolen it can have a snowball effect in a number of ways, for example:

  • If that person is an Office 365 administrator, they can gain access to more user accounts
  • They can gain access to other platforms if that same password is used elsewhere (which is common)
  • That login credential can be sold on the Dark Web, meaning hacks will be coming from more than one entity

Why does someone want to log into your Office 365 account?

There are several reasons someone would want to compromise your account. If someone can send email from your account a recipient will be much more likely to open it, meaning phishing attempts have a much better chance of success.

Reasons hackers want to compromise your Office 365 account include:

  • Sending out spam email for a shady e-commerce business from your account
  • Sending your contacts phishing emails with malicious links or attachments
  • Gaining access to sensitive data in your Office 365 documents (such as credit card or banking information)

Signs That Your Office 365 Account Has Been Hacked

If you’re not watching for signs, your account could be compromised for weeks without you knowing about it. Hackers have every reason to want to continue using your account without your knowledge so they may not be planting a virus or something else that’s going to be immediately visible.

Following are some telltale signs that your Office 365 account has been hacked.

Sent Messages That You Didn’t Send

If you check your Sent or Deleted Items folder in Outlook and see emails that you don’t remember sending, that’s a big red flag that your account has been hacked. Phishing emails will typically be short and give little information, such as “I thought you’d like this” with a link to a malicious website.

Unusual Profile Changes

If you log in and see that something is changed like a postal code or phone number, but you didn’t change it, that’s another sign that someone’s hacked into your account. Some users may miss this, thinking that possibly an administrator updated a phone number, so if you’re unsure, ask around to see if it’s a legitimate change or not.

Password Change Requests

If you see changes that impact your login credentials, like several requests for a password update that you didn’t’ make, there is a good chance someone’s hacked your account.

Unusual Mail Changes

A user’s email account is often used by hackers that compromise an Office 365 account. Look for any strange setting changes such as a new mail forwarding rule a fake signature being added.

You’re Locked Out of Your Account

A hacker will often change the password to your account, so if you thought you definitely put the password in correctly, but you’re still getting an error message and have to go through a password reset, this is a tip for you to check all the signs above to ensure your account hasn’t been hacked.

What Should I Do If My Account’s Been Compromised?

Microsoft suggests several steps that you should take within 5 minutes of regaining access to a hacked account to ensure the hacker can’t get back in and hasn’t added any back-door entries that you aren’t aware of.

Scan Your Computer to Ensure It Hasn’t Been Hacked

You’ll want to scan your computer for viruses and malware to make sure it hasn’t also been compromised. You should also ensure Windows Update is turned on.

Lock the Attacker Out of Your Office 365 Account

You want to make sure a hacker can’t get back in, so you need to change your your password and ensure it’s a strong one (combination of upper and lowercase letters, and at least one symbol and number).

Don’t use any of the last five passwords you’ve used, just in case. Enabling two-factor authentication is another way to ensure that the hacker can’t get into your account again.

Make Sure the Attacker Isn’t Still Using Your Account

You’ll want to make sure that the Exchange account doesn’t have auto-forward addresses or is sending autoreplies that a hacker has put into place. Also, double check your signature and telephone numbers and addresses associated with the account.

Take Addition Precautions

Check your sent messages or deleted folder and if you see any phishing emails, you may need to warn the recipients of the hack. Even if you don’t see any, it’s prudent to let anyone on your contact list know your account was hacked.

Look at any other services that also used the same Exchange account as its alternative email account because they may have also been compromised.

Ensure the Security of Your Office 365 Platform

Office 365 is a huge part of the technology infrastructure of many organisations, which means it needs to be protected just as much as your network and individual devices. GKM2 can help you put together a solid cloud security strategy, so your data stays protected no matter where it resides.

Schedule an Office 365 security consultation today by calling +61 2 9161 7171 or contacting us online.