ACA Aponix has received numerous notices in recent weeks that attackers have compromised Office 365 logins for staff (most commonly via phishing attacks) and are setting up auto-forward rules to malicious email addresses.
While this is not a new type of attack, Office 365 is typically configured for Outlook Anywhere and various multi-factor authentication bypass mechanisms, which allows attackers to remotely create inbox forward rules.
ACA Aponix Guidance
We recommend taking the following precautionary measures:
- Block forwarding rules for all users;
- Enable multi-factor authentication for Office 365; and
- Limit Office 365 access to domain-joined devices.
If you have any questions, please contact your ACA Aponix consultant or email us at email@example.com.