Be Aware Of Your Office 365 Rules
As Office 365 has become popular with businesses of all sizes, it has also become a popular attack vector for hackers and fraudsters. One of the ways that these internet miscreants have been attacking Office 365 customers is through mail processing rules.
Office 365 mail processing rules are similar to the Outlook rules you used when you had an Exchange server located at your business. The difference is, while your Outlook rules were often only manageable from inside your business, the mail processing rules for your Office 365 account are manageable from anywhere in the world.
Checking your Office 365 mail processing rules is simple
- Log into the Office 365 portal with your web browser. On the landing page, click the "Mail" tile or select "Mail" from the icons that appear when you click the grid icon in the top-left corner.
- Next, click the Gear icon (top right) and select "Mail" under the "My app settings" subheading.
- Then, from the Options menu, click "Inbox and sweep rules." Any existing rules are listed in the Inbox Rules window. You should look through those rules to make sure there isn’t anything you didn’t put there.
These kinds of attacks generally start with compromised Office 365 passwords. One of the ways you can strengthen yourself and ALL of your accounts from these password based attacks is to not use the same passwords for multiple services.
Why? Compromises at popular internet services seem to be a frequent occurrence. Hackers often get away with account information, which usually includes the usernames, e-mail addresses, and passwords used for the compromised service. If you’re using the same username, e-mail address, or password for one of these compromised sites, that information will likely be used attack accounts you have with other internet services (i.e., Office 365). Another way to fortify your Office 365 account is to setup multi-factor authentication.