Cybersecurity Alert: Attackers Targeting Office 365 Email

August 3, 2017

Threat Summary

ACA Aponix has received numerous notices in recent weeks that attackers have compromised Office 365 logins for staff (most commonly via phishing attacks) and are setting up auto-forward rules to malicious email addresses.

While this is not a new type of attack, Office 365 is typically configured for Outlook Anywhere and various multi-factor authentication bypass mechanisms, which allows attackers to remotely create inbox forward rules.

ACA Aponix Guidance

We recommend taking the following precautionary measures:

  • Block forwarding rules for all users;
  • Enable multi-factor authentication for Office 365; and
  • Limit Office 365 access to domain-joined devices.

If you have any questions, please contact your ACA Aponix consultant or email us at