Pau Lo
asked on
office365 email compromise
If someone has compromised as in gained unauthorised access) to an Office365 email account, for the purposes of data access, is there anyway they could lead emails out to an external address without it leaving a trace in the tracking logs? With such an attack how is it likely the attacker would make use of the access they have achieved through whatever compromise, to read/use the data? It seems a bit simplistic to me to just start forwarding them outwards, but I am not sure how these attacks happen and what exactly it is they would do with their access once achieved (and how to determine what if anything they did do once access was achieved).
So, prevention is better than tracing after being compromised.
Turn on two factor authentication to prevent the compromise of the Office 365 account.
Turn on two factor authentication to prevent the compromise of the Office 365 account.
ASKER
its not quite that simple though if there is suggestion of compromise you had to legally determine to what extent in certain cases. from what I understand if there are certain protocols enabled for accessing a office365 mailbox then 2FA can sometimes be bypassed.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Just setup the Office 365 account as an Exchange account in MS Outlook and drag and drop (and press the Ctrl key at the same time) to copy the emails in a local .PST file in MS Outlook. If do not press the Ctrl key, the emails are moved to the local .PST file and will be gone forever.
There are no traces or logs.