14 steps to x a hacked Microsoft 365 account
Download 0.77 Mb. View original pdf
|
- Navigate this page:
- 7. Review mailbox inbox rules
- Grant yourself admin rights to the mailbox 1. Open the Exchange admin center > Recipients
- Add members
| Users > Search for then click the user's name. 2. Click Applications. 3. Sort the list by date. 4. Find any apps that were registered since the hacker gained access to the account. Click the app name. . Click Remove. 6. Scan devices for malware It isn't very common but I have had an issue where we cleaned the Microsoft 365 account, changed the password, unblocked the account, and then had the malicious actor back in the account How did they do it They had malware on the user's computer. So be sure to scan all the user's devices for malware. Check for any weird apps in the startup of the computer and check for any strange services. 7. Review mailbox inbox rules One this hackers like to do once they gain access to one of your mailboxes is send a lot of phishing/spam emails. Of course, sending these emails will return a lot of undeliverable emails and emails from recipients saying things like "Is this legit. So One of the ways hackers found to cover their tracks is by creating a mail ow rule that will automatically delete any emails the user receives. There are 2 ways to check for the rules, using the GUI or using PowerShell. Typically, people nd the GUI to be more readable so we'll use that route below. First, you'll need to grant yourself full access to the mailbox. Then, you'll need to check for the inbox rules. Finally, you'll need to remove your full access to the mailbox. Grant yourself admin rights to the mailbox 1. Open the Exchange admin center > Recipients > Mailboxes 2. Search for and click the Display Name of the user that's been compromised. Click Delegation > Edit (located under Read and manage. Click Add members > Click the checkbox next to your admin account. Click Save. Check the inbox rules 1. Open Outlook OWA > Click your pro le icon in the top right. Click Open another mailbox. 2. Type the user's display name in the box provided. Click the user that appears in the Download 0.77 Mb. Share with your friends:
|