Last updated on: 2018-01-16
Authored by: William Loy
This article describes steps to identify a compromised mailbox, stop the attack, and prevent future attacks. If you need instructions on securing a compromised Rackspace Email mailbox, see Secure a compromised Rackspace Email mailbox.
For more information about prerequisite terminology, see Cloud Office support terminology.
If any of the following symptoms apply to you, take immediate steps to secure the mailbox.
Avoiding the following factors is a small inconvenience compared to the potential damage caused by a successful mailbox compromise. If you find that any of thes factors apply to you, take immediate steps to secure your mailbox.
Use the following steps to secure a mailbox that has been compromised:
Immediately change the password to the mailbox.
Warning: If you do not update all connected devices with the new password, Exchange mailboxes lock themselves. If the mailbox is locked, see Troubleshoot a locked Exchange mailbox..
Scan all devices for viruses and malware.
Malware and viruses can gather information that you enter through your infected device. If you scan your devices and find an infection, you need to change your password for a second time after you have removed the malicious software. Otherwise your mailbox information could already be in the hands of a hacker.
If the mailbox was disabled by Rackspace, follow these instructions to restore mailbox access.
Warning: Do not restore access until after you have changed the mailbox password and scanned all devices for malicious software.
Alert your colleagues and coworkers. If you are not the administrator for your company, you should alert your administrator immediately.
If the return-path and the originating IP address of the message was the source that led to the compromise, Blocklist them. Usually, the message contained a suspicious link or asked for your account information.
Educate your users about the risk factors and symptoms of a compromised mailbox. Email attacks are a constant threat that users and admins should be prepared for at all times.
©2020 Rackspace US, Inc.
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License