We have noticed an increase in the number of customers coming to us after their Office 365 email account has been hacked, either as a result of the user opening a spam email asking them to log into Office 365 or of their Office 365 account being brute-force attacked.
Once the account has been breached, someone malicious accesses the email account and then sends spam emails.
The attackers either send a spam email pointing you to a phishing site, which asks for your email account username and password in order to view false documents, or brute force your email password by trying multiple words from the dictionary to gain access to your mailbox. Depending on the complexity of your password, this could take a week to several months. Once they have gained access, they can see all of your emails and send spam emails to unknown recipients as if they were coming from you.
We highly recommend that all customers change their Office 365 mailbox password and ignore/delete emails if they do not recognise the sender.
You should choose a password with at least 8 characters, but the more characters, the stronger the password will be. Also include a capital letter, a number and a special character. Try not to use any word that can be pulled from a dictionary and, as with any password, this should be changed periodically.
Of course, keep a note of this password and lock it away.
We also strongly recommend that, to be highly secure and to comply with Cyber Essentials/NCSC requirements, Multi Factor Authentication should be enabled.
Please contact us for more information.
How to change your Office 365 account password
1: Open your internet browser and navigate to www.office.com
2: Sign in with your email address and your current email password
3: Click on the COG icon at the top right
4: Select Password (Change your password)
5: It will ask you to enter your current password and a new one. It will also show how complex your new suggestion is.
6: Once you have changed your password you will be required to change it on your mail client software (Outlook, MacMail, mobile phone), which will automatically prompt you to enter it.
HardSoft will not keep a copy of the password and it is the responsibility of the customer to store it.
If your email password has been lost or changed without your knowledge, then the only way to recover from this is to ask us or your email administrator to reset your password via your admin portal.
If you have been attacked and the attacker has breached your server, you are obliged under the new GDPR law, which came in on May 25th 2018, to inform the ICO of the breach.