Account takeover has skyrocketed in the past year, partially because phishing emails continue to evolve and many organizations simply lack the tools to monitor unusual account behavior with cloud services. Below is a list of signs your Microsoft 365 account may be hacked.
1. Unusual Activity
If you notice suspicious activity like missing or deleted emails, your account may be compromised. Hackers will often attempt to cover their tracks once they have access to your account. Purging emails that may tip you off to their presence is a common sign of being hacked.
2. Gaps in Email Chains
Other users may receive and respond to emails from you without the email existing in your Sent Items Folder. Once a hacker accesses your account, they are in a race to steal as much money and information as quickly as possible.
3. Email Forwarding Rules
If you notice forwarding rules that you didn’t set up, it may be a hacker. They often set up rules to forward your emails to their accounts to hide emails in infrequently used folders such as the Notes, Junk Email, or RSS Subscription Folders.
4. You Cannot Send Emails
If you account has been used to send a large volume of spam, Microsoft can prohibit you from sending emails. If you are connected to your account and unable to send emails, you may have been hacked.
5. Strange Emails in Sent or Deleted Items Folder
If you see odd emails such as “I’m stuck in Paris, send money!” or other emails you didn’t send in either of these folders, a hacker may have sent them. Emailing your friends and asking for money is a common ploy used.
6. Unusual Profile Changes
If your profile name, address, or phone number has been changed, it may be a hacker impersonating you. They may attempt to redirect calls or mail by updating your profile to include erroneous information to extend the fraud beyond email.
7. Your Password Changed
If you find yourself suddenly locked out of your account, you need to immediately contact your system administrator. While users frequently lock themselves out of their account, if you know you did not, you should immediately be suspicious.
8. Friends and Business Partners Contact You
If you start receiving emails or calls from friends and business contacts regarding suspicious emails from your account, you need to take action immediately. The longer the account is in the hands of the hacker, the greater the damage to you and your organization’s reputation.
9. New Emails Appear to Have Been Read
Outlook shows new email subject links in bold for unread emails. If you notice a new email that you haven’t read is not in bold, you should be suspicious.
10. You Aren’t Receiving Any Emails
If you believe you should have received an email but have not, first make sure you are connected to Microsoft Exchange. If you are connected and still have not received emails for a considerable amount of time, you should be suspicious. Hackers often setup mailbox rules to deliver inbound emails to the deleted items folder, delaying your ability in determining that your account has been taken over.