The following is a list of what needs to be done/reviewed on a hacked account.
If you still need help no problem, we can do a remote assist to help. It usually takes 15-30 mins and can be scheduled here: https://calendly.com/adamlavelle/remote
- Reset Password
By resetting your password, you not only change the password to secure the account, it also kills any active sessions. You can learn more about how to reset a password here: https://support.office.com/en-us/article/video-change-your-office-365-for-business-password-df48c24e-d036-4d72-987f-b6197f618619
- Review/Disable Rules and Forwarding (very common)
Like delegation, attackers can leverage this functionality to continue having email access to your mail.
- Review and remove any anomalous forwarding rules the attacker created
- Remove any global mail forwarding rules created by the attacker
- You can learn more about how to: https://support.office.com/en-us/article/forward-email-from-office-365-to-another-email-account-1ed4ee1e-74f8-4f53-a174-86b748ff6a0e
- Remove Mailbox Delegates (not as common)
Delegation is when you allow another user or admin to get access to your mails or calendar. Attackers sometimes use this feature to continue having access to your mail. You can learn more about how to configure delegate access here: https://blogs.office.com/en-us/2013/09/04/configuring-delegate-access-in-outlook-web-app/
- We can Enable Multi-Factor Authentication (MFA) on your account. MFA is a method of authentication that requires the use of more than one verification method. Enabling it will significantly reduce the risk of the account been compromised in the future. Say the word and we'll enable it for you