|   Providing IT Happiness Since 2001

Has My Email Been Hacked?

Detecting an intrusion and securing your account 

 

 

Discovering signs of a compromised Microsoft 365 account is crucial for safeguarding your information and preventing a potential disaster for your organization. In this article we show you the common signs of that your account has been hacked. From missing emails to changed verification information, learn how to spot red flags and take immediate action to secure your Microsoft 365 account. 

Please view our companion articles: Detecting Phishing Emails and real world Phishing and Scam Examples.

Things to Look Out For

Every hack is different but there are many first signs of a hack that many of them share. Some of the most common signs something may be up are:

  • You do not see new email or notice an unexpected decrease in email volume.
  • You receive bounced back email errors messages from mail you did not send.
  • You get logged out of an active session.
  • Your receive email or text notifications of password resets or new logins.
  • Clients or vendors call you about changes you have requested by email (such as bank information).

Step 1 - Log into Microsoft 365

The first thing to do is log into the web portal for your Microsoft email. If this is a business account go to office.com. If this is a personal Microsoft account (e.g. @live.com, @outlook.com, @hotmail.com) go to outlook.com.

WARNING!

Do not type the above URLs into the search bar of your browser but in the top most address bar only. Better yet, just click above to go right to the login screen.  Hackers create fake sites and use techniques to manipulate search results to show their phishing sites instead of the legitimate portals. This goes for many sites such as banks and various businesses and social media. 

Once logged in,  go to your account settings by clicking on your initials or image in a circle in the upper right corner of the portal. Then select View Account.

Step 2 - Look for Any Suspicious Logins

Under Account Settings select Review Recent Activity under My sign-ins.  Here you will see login activity for your account. It will include days, times, and what physical location the login come from. Review the list and see if there is any account activity from some location or time/date where there should not be.

HEADS UP!

If you use a VPN you may see login activity from areas outside your geaographic location.

Step 3 - Check for Changes in Your Authentication Methods

The next item to check is to see if any changes have been made to how login's to your account's Authentication Methods. Hackers may add their own phone #'s or email addressses to the list of methods allowing access to your account. This allows them to get back into your account even after you change your password. 

I SEE THINGS I SHOULD NOT SEE

If you see authentication methods that you did not set up such as unrecognized email addresses or phone numbers you will need to take action. First add back the original methods you set up such as your cell phone #. Then click Delete to remove any you do not recognize. We do not recommend using 3rd party email addresses such as a personal Gmail account as an authentication method as a breach in that account can lead to a hack of your Microsoft 365 account.

Step 4 - Look for Common Email Modifications

To see if there are any common signs of your account being hacked we will first need to go to Outlook settings. 

Step 1- Select Outlook from the list of apps on the left hand side of the Microsoft 365 portal. If you do not see it, click on the icon that looks like a square made of dots. Then select Outlook from the list of apps.

Step 2- Select the Gear Icon.

Once you are in Outlook you will need to go to settings. It is located in the upper right hand corner of the Microsoft 365 Outlook interface next to your image or initials in a circle.

Step 3 - Select View all Outlook Settings

Step 4 - Select Mail

Step 5 - Select Rules.

If you see any rules that you did not set up notify your IT department. Common rules that hackers use are moving items from your inbox to other folders such as RSS Subscriptions, Archive, Deleted, and Junk. If you see anything suspicious, click the slider next to the rule to disable it.

Step 6 - Select Forwarding.

If you are not receiving any mail check the forwarding settings. If you notice it is enabled and going to an account that is not yours disable immediately. Usually it will be a hacked account that is being used to redirect your mail to the attacker.

Step 7 - Select Junk email.

Hackers may flag email alerts from 3rd party services so you cannot tell they are using your account to hack your other services such as social media and bank accounts.

Does it Look Like you May Have Been Hacked?

DON'T PANIC!

If you do notice changes to your authentication methods, Outlook modifications, or strange logins stay calm. First fix the authentication methods, then remove the Outlook changes. Once that is done change your password via the Password option in the main View Account menu . Once completed log out all active sessions via the Security info page. Make sure to notify your IT team so they may take further actions and check for additional signs of intrusion.

 


Need a Security Team? Contact Wireguided for all your IT needs.

Achieve IT happiness like all our clients

"I can say without exaggeration that Wireguided provides the most excellent service I have ever experienced."

Esther GriswoldEsther GriswoldDirector | EDS Library

"Wireguided is great for us. We had wanted to switch IT companies for a while now. I only wish we had done it sooner."

Bruce DelleChiaieBruce DelleChiaieGM | Watertown Engineering

"My experience has left me feeling that Wireguided is more of a co-worker than a vendor. I can’t thank them enough."

Andrew HegartyAndrew HegartySr. Engineer | Faulkner Hospital

"Since Wireguided has taken over the care of our IT things have been much easier for us. They are only a phone call away."

Lisa WollastonLisa WollastonOffice Manager | Sweezey Fence Erectors

WIREGUIDED

office

Wireguided LLC

4 Brook Street

Suite 20

Scituate, MA 02050

SERVICES

information

Get the latest updates

Thank You, we'll be in touch soon.

©Wireguided LLC 2023.  All rights reserved