How can I secure Microsoft 365 after a hack and invoice spoofing issues?

Asked By TechieTamer42 On

I have a client who recently moved their domain email to Microsoft 365. They were hacked a few months ago, and despite changing passwords, they couldn't disconnect the hacker. I got involved and decided to reboot all the routers and switches, which seemed to stop the immediate problem. However, a month later, some of their customers started receiving invoices asking for payments via ACH, leading us to believe there might still be issues. We checked for unauthorized logins but found none. I suspect the emails might be originating from outside the organization but haven't been able to analyze the email headers for clues. I'm not a Microsoft 365 expert, so I'm looking for advice on how to proceed with ensuring security and addressing this spoofing situation.

5 Answers

Answered By EmailExpert99 On

If you're struggling to identify where these spoofed emails are coming from, then it might be time to hire someone who can help. Without a clear understanding of the email sources, you're going to run into serious challenges.

Answered By CandidCritic22 On

To be straightforward, the situation may stem from your client's own oversight. It sounds like basic email security steps haven’t been taken yet, like reviewing mailbox rules or checking enterprise applications. Rebooting the network equipment won’t protect against future breaches if the security settings are not properly configured.

Answered By StrongSecurity007 On

Your client really needs someone who knows how to properly lock down their Microsoft 365 setup. There are a lot of tools like Exchange Online and various Defender services that need configuring. It would help to know if their current licenses include at least Entra ID P1 for effective security measures.

Answered By PhishingPro123 On

Make sure you have SPF, DKIM, and DMARC properly set up for your domain. This is essential to help combat spoofing. Checking the email headers of those suspicious invoices will provide insight into the actual sending IP, which can tell you if they came from inside or outside your organization. Proper domain authentication is crucial.
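The header check described in the answer above, as an added Python example that is not part of the original thread: it reads the SPF, DKIM and DMARC verdicts and the sending IP from a message's headers and classifies where the message came from. The sample message, `example.com`, the IP address and the names `triage` and `domain_of` are constructed for illustration, and the `sender IP is` wording assumes a receiving service that stamps `Authentication-Results` the way Exchange Online does.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample (not from this incident); example.com and 203.0.113.45 are
# placeholders. Header layout follows what Exchange Online stamps on inbound mail.
SAMPLE = """\
Received: from sender.invalid (203.0.113.45) by mx.example.net;
 Tue, 02 Jan 2024 10:00:01 +0000
Authentication-Results: spf=fail (sender IP is 203.0.113.45)
 smtp.mailfrom=example.com; dkim=none (message not signed)
 header.d=none; dmarc=fail action=none header.from=example.com
From: Accounts <billing@example.com>
Reply-To: billing@example-payments.invalid
Subject: Invoice 1001 - pay by ACH

Please pay by ACH.
"""

def domain_of(value):
    """Lower-cased domain of an address header, or '' when the header is absent."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def triage(raw, org_domain):
    """Summarise where a suspicious message came from, based on its headers."""
    msg = email.message_from_string(raw)
    # Use only the topmost Authentication-Results header, the one added by the
    # recipient's own mail service; lower copies can be supplied by the sender.
    auth = " ".join((msg.get_all("Authentication-Results") or [""])[0].split())
    verdict = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    ip = re.search(r"sender IP is ([0-9A-Fa-f.:]+)", auth)
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if from_dom != org_domain.lower():
        origin = "lookalike-domain"      # not your domain at all
    elif verdict.get("dmarc") == "pass":
        origin = "authorized-sender"     # sent via your tenant or an approved service
    else:
        origin = "external-spoof"        # your domain forged from outside
    return {
        "spf": verdict.get("spf", "missing"),
        "dkim": verdict.get("dkim", "missing"),
        "dmarc": verdict.get("dmarc", "missing"),
        "sender_ip": ip.group(1) if ip else None,
        "origin": origin,
        "reply_to_mismatch": bool(reply_dom) and reply_dom != from_dom,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE, "example.com").items():
        print(f"{key}: {value}")
```

An `external-spoof` result points at SPF, DKIM and DMARC enforcement for the domain, while `authorized-sender` means the message went out through the tenant or an approved service, so sign-ins, mailbox rules and enterprise applications need review.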

Answered By ConsultingWizard On

You should seriously consider contacting your cyber insurance provider about this potential breach, and follow their guidance. Engaging a security consultant can also provide a structured response plan to handle this situation comprehensively.
