You may have issues when you try to sign in to Microsoft Office 365. Or you may notice suspicious activity in your account, such as large amounts of spam that originate from your account.
You may also experience one or more of the following issues:
- The Sent or Deleted Items folders in Microsoft Outlook or in Microsoft Outlook Web App contain common hacked-account messages, such as "I’m stuck in London, send money."
- Unusual profile changes, such as updates to the name, the telephone number, or the postal code.
- Unusual credential changes, such as multiple required password changes.
- Mail forwarding was recently added.
- An unusual signature was recently added, such as a fake banking signature or a prescription drug signature.
Even after you've regained access to your account, the attacker may have added back-door entries that enable the attacker to resume control of the account.
To help resolve these issues, you must perform all the following steps within five minutes of regaining access to your account to make sure that the hijacker doesn't resume control of your account. These steps help you remove any back-door entries that the hijacker may have added to your account. After you perform these steps, we recommend that you run a virus scan to make sure that your computer isn't compromised.
Step 1: Make sure that your computer isn't compromised
- Make sure that you have Windows Update turned on.
- If antivirus software isn't installed on your computer, we recommend that you install antivirus software and then run a scan to make sure that no malicious software is installed on the computer. You can download free anti-malware or antivirus software from Microsoft. To do this, go to the following website:
Step 2: Make sure that the attacker can't log on to your Office 365 account
- Change your password immediately. Make sure that the password is strong and that it contains upper and lowercase letters, at least one number, and at least one special character.
- Don't reuse any of your last five passwords. Even though the password history requirement lets you reuse a more recent password, you should select something that the attacker can't guess.
- If your on-premises identity is federated with Office 365, you must change your password on-premises, and then you must notify your administrator of the compromise.
Step 3: Make sure that the attacker can't resume access to your account
- Make sure that the Exchange account doesn't auto-forward addresses. For more information, go to the following webpage:
- Make sure that the Exchange server isn't sending auto-replies. For more information, go to the following webpage:
- Make sure that your contact information, such as telephone numbers and addresses, is correct.
Step 4: Additional precautionary steps
- Make sure that you verify your sent items. You may have to inform people on your contacts list that your account was compromised. The attacker may have asked them for money, claiming, for example, that you were stranded in a different country and needed money, or the attacker may have sent them a virus to also hijack their computers.
- Any other service that used this Exchange account as its alternative email account may have been compromised. First, perform these steps for your Office 365 subscription, and then perform these steps for your other accounts.
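An administrator can review the forwarding, auto-reply and signature settings named in this article from Exchange Online PowerShell. The following read-only audit is an added example, not part of the original article. It assumes the ExchangeOnlineManagement module is installed, uses a placeholder mailbox address, and also lists inbox rules that forward, redirect or delete mail, which the article does not mention by name.

```powershell
# Added example: read-only audit of one mailbox for the back-door settings
# described in this article. Nothing here changes the mailbox.
# Assumptions: ExchangeOnlineManagement module installed, caller has Exchange
# Online admin rights, and the address below is a placeholder.
param(
    [string]$Mailbox = 'user@example.com'   # placeholder, replace with the affected account
)

Connect-ExchangeOnline -ShowBanner:$false

# 1. Mailbox-level forwarding ("Mail forwarding was recently added").
#    Any value in ForwardingAddress or ForwardingSmtpAddress means mail is being copied out.
Get-Mailbox -Identity $Mailbox |
    Format-List ForwardingAddress, ForwardingSmtpAddress, DeliverToMailboxAndForward

# 2. Inbox rules that forward, redirect or silently delete mail.
#    Rules that delete messages can hide replies and security notifications from the owner.
Get-InboxRule -Mailbox $Mailbox |
    Where-Object {
        $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo -or $_.DeleteMessage
    } |
    Format-List Name, Enabled, ForwardTo, ForwardAsAttachmentTo, RedirectTo, DeleteMessage

# 3. Automatic replies. AutoReplyState should be Disabled unless the owner set it.
Get-MailboxAutoReplyConfiguration -Identity $Mailbox |
    Format-List AutoReplyState, ExternalAudience, ExternalMessage

# 4. Outlook Web App signature ("An unusual signature was recently added").
Get-MailboxMessageConfiguration -Identity $Mailbox |
    Format-List AutoAddSignature, SignatureText

Disconnect-ExchangeOnline -Confirm:$false
```

Review each value with the mailbox owner before clearing it, because a legitimate forward or out-of-office reply looks the same as one an attacker set.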
These issues may occur when your Office 365 subscription has been compromised. In this case, your compromised accounts may be blocked to protect you and your contacts and help you recover your account.
For more information about phishing scams and fraudulent email messages, go to the following websites:
Article ID: 2551603 - Last Review: October 23, 2013 - Revision: 16.0
- Microsoft Office 365 for enterprises (pre-upgrade)
- Microsoft Office 365 for small businesses (pre-upgrade)
- Microsoft Office 365 for education (pre-upgrade)
- Microsoft Office 365