What to do if Your Email is Hacked
- Change your email password (using something like 1Password to generate a random and unique password).
- Notify your mobile carrier and let them know what's happened. Verify you have a security PIN on your account to help minimize any unauthorized changes.
- Notify your insurance company, health insurance provider(s), and any other critical services so they can keep an eye peeled for any nefarious activity.
- Make a list of your online accounts, including social media, email, services, platforms, etc.
- Go through the list and change passwords (and also do Step 5 for each of them while you're at it).
- Enable Two-Factor Authentication (2FA), also known as Multi-Factor Authentication (MFA). See instructions further down on this page.
- Log in to your webmail account and check for unusual settings, including "hidden" rules with no names (spaces used) ...
  - Email Rules (Inbox and sweep rules)
  - Block or allow (Safe Sender and Recipients and Blocked Senders)
- Notify the following people and explain what happened. This will help build security awareness and may prevent them from becoming the next target.
Office 365 How-Tos
EVERYONE: Check Your Office 365 Email Sweep Rules, Block or allow and Forwarding
- Log in to your email at outlook.office365.com.
- At the top of the page, select Settings (Gear icon) > Your app settings: Mail.
- In Options, select Mail >
  - Automatic processing > Inbox and sweep rules
  - Accounts > Block or allow
  - Accounts > Forwarding
- If you see anything you don't recognize or understand, contact your IT team immediately!
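For admins who want to apply the same rule check across mailboxes, the following is an added example and not part of the original page. The function name `Test-InboxRule`, the `example.com` domains and the sample rules are constructed for illustration; the property names are the ones Exchange Online's `Get-InboxRule` cmdlet returns.

```powershell
# Added example: flag inbox rules with blank names, external forwarding or auto-delete.
function Test-InboxRule {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object] $Rule,
        # Assumption: replace with the mail domains your organization owns.
        [string[]] $InternalDomains = @('example.com')
    )
    process {
        $reasons = [System.Collections.Generic.List[string]]::new()

        # "Hidden" rules: the name is empty or made up only of spaces.
        if ([string]::IsNullOrWhiteSpace([string]$Rule.Name)) {
            $reasons.Add('blank or whitespace-only name')
        }

        # Any action that passes mail on to an address outside our own domains.
        $targets = @($Rule.ForwardTo) + @($Rule.ForwardAsAttachmentTo) + @($Rule.RedirectTo)
        foreach ($t in $targets) {
            if ([string]$t -match '@([A-Za-z0-9.-]+)') {
                $domain = $Matches[1].ToLower()
                if ($InternalDomains -notcontains $domain) {
                    $reasons.Add("sends mail to external domain $domain")
                }
            }
        }

        # Rules that silently remove mail from the inbox.
        if ($Rule.DeleteMessage) { $reasons.Add('deletes matching mail') }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Mailbox = $Rule.MailboxOwnerId
                Rule    = "'$($Rule.Name)'"   # quoted so blank names are visible
                Enabled = $Rule.Enabled
                Reasons = $reasons -join '; '
            }
        }
    }
}

# Constructed sample rules (not real data), shaped like Get-InboxRule output.
$sample = @(
    [pscustomobject]@{ MailboxOwnerId = 'alice'; Name = 'Newsletters'; Enabled = $true; MoveToFolder = 'News' }
    [pscustomobject]@{ MailboxOwnerId = 'alice'; Name = '   '; Enabled = $true; ForwardTo = @('"x" [SMTP:drop@outside.example]'); DeleteMessage = $true }
    [pscustomobject]@{ MailboxOwnerId = 'bob'; Name = 'To assistant'; Enabled = $true; RedirectTo = @('"Carol" [SMTP:carol@example.com]') }
)
$sample | Test-InboxRule | Format-List
```

Against a live tenant, after `Connect-ExchangeOnline`, the same check would be `Get-InboxRule -Mailbox alice@example.com | Test-InboxRule`. Only the second sample rule is reported, since the other two have names and keep mail inside `example.com`.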
ADMINS: Enable Office 365 Multi-Factor Authentication
- Admin console > Users > Active Users. Note: You must be logged in as an Admin. Partner access will not work to make these changes.
- More menu > More > Setup Azure multi-factor auth
- Leave search field blank and hit search to bring up list of all users and MFA status
- Check desired names then click enable on the right sidebar.
- Ask the enabled accounts to visit https://aka.ms/MFASetup to complete the setup.
- NOTE: Non-Microsoft apps will require unique passwords. See Office 365: Using MFA with 3rd party email client.