Warning your Office 365 Password has expired, click this link to update it.

How many times this year has an email with a subject line like this landed in your Outlook inbox?  The all too common reaction is to click the link and follow the "password reset" instructions.  Email phishing attacks are on the rise, and their goal is simple: get you to click a link to a look-alike login page and type in the credentials for your Office 365 email, bank, Apple or other service account.  If you were unlucky enough to fall victim to a phishing email, here are some things to do to help remediate the situation.

First – change the account password.  The password can be changed from an Office 365 administrator account or from the compromised account itself (assuming the old password still works).  Changing the password cuts off anyone who is signing in with the stolen credentials, but it does not by itself end sessions that are already open; an administrator should also revoke the user's sign-in sessions so that existing tokens stop working.  If the compromised account belongs to an Office 365 administrator, it is best practice to also reset every other user's password and to check for any accounts or admin role assignments the attacker may have created while they had access.

Second – check the affected mailbox(es) for any unwanted forwarding or delegation the attacker may have put in place.  Forwarding can be set on the mailbox itself or through inbox rules, and attackers often add a rule that deletes or hides incoming mail so the victim never sees the warnings.  Mailbox delegation (Full Access, Send As, Send on Behalf) keeps working even after the password has been changed, so it is wise to look for entries in this area too.
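The two steps above, carried out from Exchange Online and Microsoft Graph PowerShell, as an added example that is not part of the original post.  It assumes the ExchangeOnlineManagement and Microsoft.Graph modules are installed, that the operator has Exchange and user administrator rights, and that the mailbox address, rule name and trustee address are placeholders to be replaced with the real values from your tenant.

```powershell
# Added example, not code from the original post. Assumes the ExchangeOnlineManagement
# and Microsoft.Graph modules are installed and the operator holds Exchange and user
# administrator rights. All addresses and rule names below are placeholders.
$User = "jane.doe@contoso.com"   # hypothetical compromised mailbox

Connect-ExchangeOnline
Connect-MgGraph -Scopes "User.ReadWrite.All"

# Step 1 companion: change the password in the admin portal first, then revoke
# the user's existing sign-in sessions so tokens issued to the attacker stop working.
Revoke-MgUserSignInSession -UserId $User

# Step 2a: forwarding configured on the mailbox object itself.
Get-Mailbox -Identity $User |
    Select-Object ForwardingAddress, ForwardingSmtpAddress, DeliverToMailboxAndForward

# Clear it if anything unexpected is set.
Set-Mailbox -Identity $User -ForwardingAddress $null -ForwardingSmtpAddress $null -DeliverToMailboxAndForward $false

# Step 2b: inbox rules that forward, redirect, move or delete mail. Attackers commonly
# hide replies and IT alerts with a delete/move rule, so review every rule, not just
# the ones that forward.
Get-InboxRule -Mailbox $User |
    Select-Object Name, Enabled, ForwardTo, ForwardAsAttachmentTo, RedirectTo, DeleteMessage, MoveToFolder |
    Format-List

# Remove a rule once identified (rule name is a placeholder).
# Remove-InboxRule -Mailbox $User -Identity "RSS Feeds Sync" -Confirm:$false

# Step 2c: delegation. Full Access, Send As and Send on Behalf all survive a password
# change, so list each and remove anything the mailbox owner did not grant.
Get-MailboxPermission -Identity $User |
    Where-Object { $_.User -notlike "NT AUTHORITY\SELF" -and -not $_.IsInherited } |
    Select-Object User, AccessRights

Get-RecipientPermission -Identity $User |
    Where-Object { $_.Trustee -notlike "NT AUTHORITY\SELF" } |
    Select-Object Trustee, AccessRights

(Get-Mailbox -Identity $User).GrantSendOnBehalfTo

# Example removals (trustee address is a placeholder):
# Remove-MailboxPermission -Identity $User -User "attacker@contoso.com" -AccessRights FullAccess -Confirm:$false
# Remove-RecipientPermission -Identity $User -Trustee "attacker@contoso.com" -AccessRights SendAs -Confirm:$false
# Set-Mailbox -Identity $User -GrantSendOnBehalfTo @{Remove="attacker@contoso.com"}
```

Run the Get-* commands first and keep their output as evidence of what the attacker changed; only then run the removal commands for the entries you have confirmed are not legitimate.  If the compromised account was an administrator, repeat the forwarding and delegation checks across all mailboxes rather than just the one that was phished.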

Third – run a malware / virus scan on the workstation.  Make sure nothing malicious was installed on the PC by the phishing page or an attachment.  Use a trusted third-party scanner, and ensure the system has all the latest available Windows updates installed (if it is a Windows PC).  At the time of writing, Microsoft offers its Malicious Software Removal Tool to remove unwanted software; search the Microsoft downloads page for the latest version of this tool.

Fourth – enable multi-factor authentication in your Office 365 environment.  Office 365 can use Azure Multi-Factor Authentication to ensure that a stolen password alone is not enough to get into an account.  It supports several forms of secondary authentication to confirm you are who you say you are, including the Microsoft Authenticator app on your mobile phone, a one-time code delivered by text message or phone call, or a hardware security key.  Keep in mind that MFA stops an attacker from simply replaying a phished password; some phishing kits also relay the second factor in real time, so the app-based and hardware-key methods are preferable to codes sent by text message.

And lastly – security awareness training for staff.  Training your staff to recognise phishing attempts, and to report suspicious messages to IT rather than clicking through, reduces the chance that the next such email succeeds.