What to do if Your Email is Hacked
- Change your email password (using something like 1Password to generate a random and unique password).
- Enable Two-Factor Authentication (2FA), also known as multi-Factor Authentication (MFA). See Google 2-Step Verification, and instructions further down on this page for Microsoft 365.
- IMPORTANT: Log in to your webmail account and check for unusual settings — including "hidden" rules with no names (spaces used) ...
- Email Rules (Inbox and sweep rules)
- Block or allow (Safe Sender and Recipients and Blocked Senders)
- If you confirm a real hack — someone was in your account — then notify the following people and explain what happened. This will help build security awareness and may prevent them from becoming the next target.
- OTHER TASKS TO CONSIDER
- Notify your mobile carrier and let them know what's happened. Verify you have a security PIN on your account to help minimize any unauthorized changes.
- Notify your insurance company, health insurance provider(s), and any other critical services so they can keep an eye peeled for any nefarious activity.
- Make a list of your online accounts, including social media, email, services, platforms, etc. Then go through the list and change passwords (and also enable 2FA for each of them while you're at it).
Office 365 How-Tos
EVERYONE: Check Your Office 365 Email Sweep Rules, Block or allow and Forwarding
- Login to your email at outlook.office365.com.
- At the top of the page, select Settings (Gear icon) > Your app settings: Mail.
- In Options, select Mail >
- Automatic processing > Inbox and sweep rules
- Accounts > Block or allow
- Accounts > Forwarding
- If you see anything you don't recognize or understand, contact your IT team immediately!
ADMINS: Enable Office 365 Multi-Factor Authentication
- Admin console > Users > Active Users. Note: You must be logged in as an Admin. Partner access will not work to make these changes.
- More menu > More > Setup Azure multi-factor auth
- Leave the search field blank and hit search to bring up a list of all users and MFA status
- Check desired names then click enable on the right sidebar.
- Ask the enabled accounts to visit https://aka.ms/MFASetup to complete the setup.
- NOTE: Non-Microsoft apps will require unique passwords. See, Office 365: Using MFA with 3rd party email client.