Office 365 mailbox got compromised?
Hi,
We have a lot of users received emails coming from an Office 365 mailbox but the sender claims he never sent those emails.
It looks like his mailbox is somehow compromised.
What should we do?
Please advise.
Thanks.
We have a lot of users received emails coming from an Office 365 mailbox but the sender claims he never sent those emails.
It looks like his mailbox is somehow compromised.
What should we do?
Please advise.
Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Did you already checked the mailflow for the user from ECP?
Check the origin and destination of the email source.
What type of email it is. Notification, service, or JUNK/SPAM??
Also, check the delegate access to the mailbox.
Check the origin and destination of the email source.
What type of email it is. Notification, service, or JUNK/SPAM??
Also, check the delegate access to the mailbox.
I would also recommend that the sender's domain get locked down so that only authorized sources can send mail through that server. They need to make sure that message relay is not opened up to the entire internet. This is a common mis-configuration and can contribute to email spoofing.
I agree with all the experts above.
To know how to verify if the account is hacked or not and also to know various methods to resolve this issue. You can find the relevant information in the link given below:
http://www.office365mvp.or
Best Regards,
Tej Pratap Shukla
To know how to verify if the account is hacked or not and also to know various methods to resolve this issue. You can find the relevant information in the link given below:
http://www.office365mvp.or
Best Regards,
Tej Pratap Shukla
I would say that this is most likely, though the user should do the steps that akb suggested just to be safe.
Do they show up in Sent Mail for that user? If not, someone has spoofed his name on emails.