With unacceptable frequency, our users of Office 365 E3 keep getting hijacked.
The last victim had a password which was 11 characters in length, so I presume it wasn't brute-forced. Therefore, I'm assuming he fell victim to a phishing attack and accidentally disclosed his Office 365 email address and password. Any other scenario I'm not considering for how this could have happened?
It seems that Microsoft is slow in detecting the sudden burst of outbound malicious email from. Generally, the compromised account sends emails to everyone in our company and who knows how many outside contacts.
1. Aside from multi-function authentication, what can we do to prevent this?
2. By chance, is there any kind of solution which can detect a sudden burst of mail from a far-away IP address (e.g. China vs. USA)?
3. What's the best/most common anti-phishing solution? Do these solutions only protect local Outlook or webmail as well?
Any other thoughts or suggestions would be very much appreciated.