Here is a hacking case and the links I sent to the customer. The first link has all the steps to fix the account.
The PowerShell script is below:
How to fix a compromised (hacked) Microsoft Office 365 account
Remediate affected account and improve your security posture
There are two ways to do this:
Option 1: Run the RemediateBreachedAccount.ps1 PowerShell script against each compromised account
The 'RemediateBreachedAccount.ps1' script remediates the attack on the compromised accounts and removes any standing access to them. It performs the following actions:
- Reset password (this secures the account and kills active sessions).
- Remove mailbox delegates.
- Disable mail forwarding rules to external domains.
- Remove global mail forwarding property on mailbox.
- Enable Multi-Factor Authentication (MFA) on the user’s account.
- Set password complexity on the account to be high.
- Enable mailbox auditing.
- Produce Audit Log for the admin to review.
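The mailbox-side steps from the list above (delegates, external forwarding rules, mailbox-level forwarding, auditing), as an added example that is not the RemediateBreachedAccount.ps1 script itself. It assumes an Exchange Online PowerShell session is already connected; the function name and the `$Upn` parameter are hypothetical, and the password reset, MFA and password-complexity steps are directory-side and not covered here.

```powershell
# Added example (not RemediateBreachedAccount.ps1). Assumes an Exchange Online
# session is already open (Connect-ExchangeOnline) with mailbox admin rights.
function Repair-CompromisedMailbox {            # hypothetical function name
    param([Parameter(Mandatory)][string] $Upn)  # mailbox to clean up

    # Domains this tenant owns; any other recipient domain counts as external.
    $internal = @(Get-AcceptedDomain | ForEach-Object { "$($_.DomainName)" })

    # 1. Snapshot the current state before changing anything, for later review.
    $mbx       = Get-Mailbox -Identity $Upn
    $delegates = @(Get-MailboxPermission -Identity $Upn |
        Where-Object { -not $_.IsInherited -and $_.User -ne 'NT AUTHORITY\SELF' })
    $fwdRules  = @(Get-InboxRule -Mailbox $Upn | Where-Object {
        $targets = @($_.ForwardTo) + @($_.ForwardAsAttachmentTo) + @($_.RedirectTo)
        # External recipients carry an SMTP address; keep the rule if any
        # target's domain is not one of the tenant's accepted domains.
        $targets | Where-Object {
            "$_" -match '@([\w.-]+)' -and $internal -notcontains $Matches[1]
        }
    })

    # 2. Remove mailbox delegates.
    foreach ($d in $delegates) {
        Remove-MailboxPermission -Identity $Upn -User $d.User `
            -AccessRights $d.AccessRights -Confirm:$false
    }

    # 3. Disable (not delete) the forwarding rules so they remain as evidence.
    foreach ($r in $fwdRules) {
        Disable-InboxRule -Identity $r.Identity -Confirm:$false
    }

    # 4. Clear mailbox-level forwarding and enable mailbox auditing.
    Set-Mailbox -Identity $Upn -ForwardingSmtpAddress $null -ForwardingAddress $null `
        -DeliverToMailboxAndForward $false -AuditEnabled $true

    # 5. Return what was found so it can go into the incident record.
    [pscustomobject]@{
        Mailbox            = $Upn
        DelegatesRemoved   = $delegates |
            ForEach-Object { "$($_.User): $($_.AccessRights -join ',')" }
        RulesDisabled      = $fwdRules | ForEach-Object { $_.Name }
        PreviousForwarding = @($mbx.ForwardingSmtpAddress, $mbx.ForwardingAddress)
        AuditingWasEnabled = $mbx.AuditEnabled
    }
}
```

The returned object records the state found before the changes, so pipe it to a file (for example with `Export-Clixml`) before closing the session.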
Prevention:
Multi-Factor Authentication for Office 365
https://blogs.office.com/2014/02/10/multi-factor-authentication-for-office-365/
Learn more about how to use DKIM with your custom domain in Office 365
Use DKIM to validate outbound email sent from your custom domain in Office 365
https://technet.microsoft.com/en-us/library/mt695945(v=exchg.150).aspx
Manually hooking up DKIM signing in Office 365
https://blogs.msdn.microsoft.com/tzink/2015/10/08/manually-hooking-up-dkim-signing-in-office-365/
Outbound DKIM signing in Office 365
https://blogs.technet.microsoft.com/eopfieldnotes/2015/10/23/outbound-dkim-signing-in-office-365/
Office 365 email anti-spam protection
Configure the connection filter policy (Block IP Addresses)
https://technet.microsoft.com/en-us/library/jj200718(v=exchg.150).aspx
Spam email and Office 365 environment – connection and content filtering in EOP (Block Countries and Regions)
Advanced Spam Filtering Options
https://technet.microsoft.com/en-us/library/jj200750(v=exchg.150).aspx
View e-mail message headers
Office 365 Message Header Analyzer (Analyze Email Header Information)
https://testconnectivity.microsoft.com/
Search the audit log in the Office 365 Security & Compliance Center
Reports in the Office 365 Security & Compliance Center
Create activity alerts in the Office 365 Security & Compliance Center
Special thanks to: Bob Klinger
Thank you so much to both Bob Klinger and Joel Rosario for putting this together.
I just couldn’t depart your site before suggesting that I actually enjoyed the standard information a person provides for your visitors. I'm gonna be back often in order to check up on new posts.
Good day! I know this is kind of off topic but I was wondering if you knew where I could find a captcha plugin for my comment form? I’m using the same blog platform as yours and I’m having problems finding one. Thanks a lot!
Hi John, the best one is the Akismet plugin. It might cost a few bucks, but that may not be much for the benefits. http://www.funtechtips.com/2013/07/akismet-or-captcha-which-is-better-for-wordpress-comment-spam/