Microsoft Defender for Office 365

Question

MY ACCOUNT WAS BLOCKED DUE TO SUSPICIOUS PATTERN DETECTED . PASSWORD CHANGED. HACKED EMAILS WERE SENT TO OFFICERS REQUESTING FALSE PAYMENTS DUE. CAN RECIEVE BUT BUT NOT SEND OUT

Answer 1

If your Microsoft 365 account has been blocked due to suspicious activity, such as sending hacked emails requesting false payments, it is important to take the following steps to regain control and restore your account functionality:

1. Reset Your Password: Since you mentioned that your password has already been changed, ensure that you have set a strong, unique password that is not easily guessable.
2. Review Account Activity: Check for any suspicious activity in your account. Look for unusual sign-ins or changes to your account settings. You can do this by examining the sign-in logs in the Microsoft Entra admin center.
3. Investigate Inbox Rules: Use PowerShell to check for any hidden inbox rules that may have been created by the attacker. You can run the following command to list all inbox rules:

      Get-InboxRule -Identity "your-email@example.com" -IncludeHidden | Format-List
   

   Remove any rules that look suspicious or were not created by you.
4. Check for Forwarding Addresses: Ensure that there are no unauthorized email forwarding settings that could be sending your emails to an unknown address.
5. Contact Microsoft Support: If your account remains blocked from sending emails, you may need to contact Microsoft support for assistance in unblocking your account and ensuring that it is secure.
6. Monitor Your Account: After regaining access, keep an eye on your account for any further suspicious activity. Consider enabling multi-factor authentication (MFA) for added security.

By following these steps, you should be able to secure your account and restore its functionality.

---

References:

• Respond to a compromised cloud email account
• Common symptoms of a compromised Microsoft 365 email account