Recovering from a compromised Office 365 account: 

The following instructions are written with the end-user in mind.  If you are a school or county email administrator, the steps will be slightly different for you. If you don’t understand what the info in a particular section means, you should call the Help Desk.

If you are a school email admin or technician doing this for the user, then you would do the following:  Change the user’s password, review their account as described below, then have the user sign in to Webtop and change their password to a new complex password once you have verified that their email account is clean. Next, you need to send an email to the address below to have their account unblocked if it has been reported as blocked.

Reset Password

  • If you know your password you need to change it to something more complex:
    • Go to the Webtop Profile Tool at https://webtop.k12.wv.us/0/apps/profile/
    • Log in with your current Office 365/Webtop email address and password.
    • Click on “Change Password” in the top menu and complete the change password form.
    • Passwords must be at least 8 characters (more is better) with at least one capital letter and one number.  You should add one or more extra characters to make the password more complex such as !,@,#,$,%, etc.  After all, you wouldn’t be here unless someone was able to figure out your password!
    • It is best to NOT use anything associated with you personally such as your last name or school as part of your password.
  • If you do not know your password please contact your local technology contact or call the Help Desk as they can assist you with resetting your password.

Check Account Settings

  • Check all the account settings to make sure nothing was changed (Specific options to pay closer attention to are listed below).
    • Sign in to Office 365 in a web browser.
    • Click on Outlook.
    • Click on the Gear icon.
    • Type Mail in the search box
    • Look at all of the account settings in the menu on the left.

 

Specific Account Settings to Review:

Forwarding – Make sure that forwarding was not set up on the account.   If it has, please uncheck the “Enable Forwarding” option and click on the Save button.

In the picture below messages have been forwarded to another email.

Inbox and Sweep Rules – Make sure that there are no rules listed that you haven’t created.   Sometimes when a user states they are not receiving any emails you will find a rule that will automatically send all emails to the deleted folder.  Delete any rules that you don’t want or recognize.

Block or Allow – Once again, make sure that there are no entries that you didn’t create in the “Blocked Senders” or “Safe Senders” lists.
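
For a school email admin or technician, the same three reviews (forwarding, inbox and sweep rules, Block or Allow lists) can be run from Exchange Online PowerShell. This is an added example, not part of the original article; it assumes the ExchangeOnlineManagement module is installed and the caller has Exchange Online admin rights, and the mailbox address is a placeholder.

```powershell
# Added example: review one mailbox for the settings listed above.
# Assumptions: ExchangeOnlineManagement module installed, admin rights,
# and 'user@example.org' is a placeholder for the affected mailbox.
param(
    [string]$User = 'user@example.org'
)

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

# 1. Forwarding: any value here means mail is being sent elsewhere.
Write-Host "== Forwarding =="
Get-Mailbox -Identity $User |
    Select-Object ForwardingAddress, ForwardingSmtpAddress, DeliverToMailboxAndForward |
    Format-List

# 2. Inbox rules: show only rules that forward, redirect, delete or move
#    mail, since those are the ones that hide messages from the user.
Write-Host "== Inbox rules that forward, redirect, delete or move mail =="
Get-InboxRule -Mailbox $User |
    Where-Object {
        $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo -or
        $_.DeleteMessage -or $_.MoveToFolder
    } |
    Select-Object Name, Enabled, ForwardTo, ForwardAsAttachmentTo,
                  RedirectTo, DeleteMessage, MoveToFolder |
    Format-List

# 3. Sweep rules: list all of them; the user should recognize each one.
Write-Host "== Sweep rules =="
Get-SweepRule -Mailbox $User | Format-List

# 4. Block or Allow: Safe Senders and Blocked Senders entries.
Write-Host "== Safe Senders / Blocked Senders =="
Get-MailboxJunkEmailConfiguration -Identity $User |
    Select-Object TrustedSendersAndDomains, BlockedSendersAndDomains |
    Format-List

Disconnect-ExchangeOnline -Confirm:$false
```

The script only reads settings. Anything it lists still has to be confirmed with the user before it is removed.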

User cannot send emails to external addresses:

  • This occurs because the compromised account was used to send a large amount of spam externally.
  • Office 365 will block all external emails sent for such an account after the threshold has been met.
  • If this occurs, please ensure you have taken all the steps above to address the compromised account and then email office365@help.k12.wv.us and request that the block be removed. Please specify that steps have been taken to address the compromised account.

Things to note:

  • You may continue to receive undeliverable emails for multiple days after you have changed your email password.
  • If you caught this activity and reset your password quickly it is still possible that your account could be disabled depending on the number of spam emails that were sent and how long it takes for other mail servers to notify Microsoft that your email account is sending spam.
  • If your account continues to get hacked it is possible that you have spyware installed on your computer or cell phone. You may also be falling for phishing emails, ads, or websites.

Last Update: October 12, 2019  

October 12, 2019 193 Mark Scarberry  Office 365

About The Author

I have worked in the computer repair field since the early 90's. I was a technician and then Coordinator of Computer Repair for Regional Education Service Agency II (RESA 2) for 18 years. I am currently working for Wayne County Schools as a Network Engineer/Technology Specialist. I am responsible for the schools' Internet access, Wi-Fi, networks, servers, laptops, desktops, and their operating systems and software.
