What to do if Your Email is Hacked

Change your email password (using something like 1Password to generate a random and unique password).
Enable Two-Factor Authentication (2FA), also known as multi-Factor Authentication (MFA). See instructions further down on this page.
Login to your webmail account and check for unusual settings — including "hidden" rules with no names (spaces used) ...
1. Email Rules (Inbox and sweep rules)
2. Block or allow (Safe Sender and Recipients and Blocked Senders)
3. Forwarding
Notify the following people and explain what happened. This will help build security awareness and may prevent them from becoming the next target.
- Co-workers.
- Everyone in your address book. You must assume your address book has been stolen, even if no email appears to have been sent from your account. If you don't use an address book then consider your Recent (or Previous) addresses as stolen.
- Client and vendors, if appropriate.

Learn More

EVERYONE: Check Your Office 365 Email Sweep Rules, Block or allow and Forwarding

Login to your email at outlook.office365.com.
At the top of the page, select Settings (Gear icon) > Your app settings: Mail.
In Options, select Mail >
1. Automatic processing > Inbox and sweep rules
2. Accounts > Block or allow
3. Accounts > Forwarding
If you see anything you don't recognize or understand, contact your IT team immediately!

ADMINS: Enable Office 365 Multi-Factor Authentication

Admin console > Users > Active Users. Note: You must be logged in as an Admin. Partner access will not work to make these changes.
More menu > More > Setup Azure multi-factor auth
Leave search field blank and hit search to bring up list of all users and MFA status
Check desired names then click enable on the right sidebar.
Ask the enabled accounts to visit https://aka.ms/MFASetup to complete the setup.
NOTE: Non-Microsoft apps will require unique passwords. See, Office 365: Using MFA with 3rd party email client.