Email with Office 365

I’ve been reading more & more about Office 365 email accounts being compromised/hacked.

Here are some basic steps we can take to prevent unauthorized access to our Pjhoerr & Benchmark Office 365 email accounts: 

Never follow a link in an email to sign into your Microsoft Office 365 account. These most often are fake sites that appear to look like the Office 365 login page but are actually bogus websites being used to harvest your login credentials. The Office 365 Login page looks like this (see screenshot below), however unless you intentionally type in the Office 365 Portal Login web address into your internet browser, assume the login page is fake.

If you are aware that you are using the same password for your Pjhoerr or Benchmark Office 365 email account as well as that same password for multiple sites; i.e. Dropbox, Client FTP sites, LinkedIn, Facebook, Sharefile, Banking, 401K, etc. we can change your Office 365 password to something else. All that will need to be updated is putting in that new password for your computer’s Outlook, as well as your email account on your smart phone or tablet.

From one of the security forums I follow:

The main take away is that you should never use the same password across multiple sites.
Once the password is acquired from one site, it could then be used to gain access to your accounts across multiple sites.

The hackers acquire user email accounts and passwords from previous breaches such as LinkedIn, Dropbox or Adobe, and hundreds more. 

They use the same password that was acquired from the previous breach but change the email account.

They try different variations of a person’s email account such as:

  *   jdoe@thecompany.com

  *   jane.doe@thecompany.com

  *   jannie.doe@thecompany.com

The hackers make the assumption that the person used the same password across multiple sites. And in some cases they were correct and were successful in gaining access to the user’s Office 365 account.