Hacked email account? - Contacts receiving a flood of fake invoices

[Metanis]

I don't know if it will help you, but I documented a similar thread about 3 years ago.

Maybe you need to create a new alias and change it to be the main and only credential allowed for login? Keep in mind also my thread was for a consumer login, not a business 365 so it may have zero relevance.

[TIP] Post in thread 'Microsoft Account got hacked. PW change didn't help!'

Jun 20, 2023

Perhaps the final update to this saga?

Keep in mind this is for a PERSONAL Microsoft.com account, not a Business M365!

TLDR ... Create an alias email for the account, assign that new alias as the primary and ONLY account allowed to authenticate! Hope the hackers email sessions eventually time out!

1. I ran multiple antivirus scans using multiple products and ensured the machine was reported clean! I did this each and every time I visited the customer's site. I even purchased a Premium version of Malwarebytes although I think that was a waste of money because it never detected the...

• Metanis

• 

 

[timeshifter]

I think @Rigo has indicated it's a business 365 account where the customer uses their own domain for email. And, it's through GoDaddy.

If it were a regular Microsoft 365 tenant, the steps I would follow include these. Blocking sign-in for that user and resetting the user's password. You need to wait at least an hour before you try signing in again and make sure everybody gets signed out, which is supposed to take about an hour.

You also need to see if there's anything else going on in the account, which generally looks for rules in the mailbox for forwarding and moving messages as they arrive. Sometimes that's done with PowerShell just to be thorough. Then you probably should set up two-factor authentication.

As I mentioned before, I use claude.ai to guide me through these things. But again, since you're on GoDaddy, I don't know how to do a lot of this stuff with their tenant because the controls are a lot different.