Within office 365 all access using UPN (User principle name) and their password, regardless of whether it is your mailbox, OneDrive, sharepoint, etc. By using Azure active directory, the password of Office 365 can be set at the cloud level. Moreover, if the tenant is in a hybrid state, then it may come from an internal active directory domain controller. When those two pieces of information are compromised then an attacker can do irretrievable harm, not only to the user’s account, but also to the organization as well that is based on their permissions. The experts of Office 365 Support team say that, a common attack we have seen are bulk emails sent to both internal and external users, using the compromised account. This is known as data exfiltration.
So how can anyone tell if their Office 365 account has been compromised or not? We have listed following symptoms that are signs of a compromised account’s behavior.
Symptoms of compromised Office 365 account:
- Suspicious activities, such as deleted or missing emails.
- Other users might receive emails from compromised account but the same email does not exist in the sent items folder of the sender.
- There are some extra inbox rules, which are not even created by intended user or the administrator. These rules might forward emails to unknown addresses automatically or move them to any specific folders where you can’t see them.
- In the Global address list, the user’s display name might be changed.
- You can’t send emails, as your mailbox is blocked from sending.
- The Sent or Deleted Items folders in Microsoft Outlook or Outlook on the web have common hacked-account messages, like “I’m stuck in Las Vegas, send me some money.”
- You will see some unusual change or update in the profile, such as name, telephone number, postal code
- Abnormal credential changes like multiple password change are requiring opening office 365.
- Mail forwarding feature was recently added.
- A strange signature was added in recent times, such as a prescription drug signature or a fake banking signature.
If any of these symptoms are found within your Office 365, then you should follow the below mentioned actions:
It is better to secure your Office 365 environment by taking Office 365 Help and see why this error takes place and what is all this fuss?
- Firstly, reset your password.
- Try removing email forwards.
- By removing suspicious Inbox rules, you can eliminate your issue.
- Look for Inbox rules and then remove all of user account
- Try unblocking user account
- By enabling Multi-Factor Authentication, you can also kill this issue
- At last enable mailbox auditing
One of the most common methods by which an account becomes compromised is through the malicious emails. But, you need to worry, just take Microsoft 365 Support and know all the possible ways to fix a compromised account in Office 365.