This week we have had 2 instances of individual Office 365 accounts being hacked. The connection has been from Turkey, logging into the users account. They first create a rule to delete all new incoming messages. Then they start pumping out email’s to your contacts, with attachments that look like Invoices and a subject of the users company name. These attachments attempt to open a file at OneDrive, which would ask the person to login to retrieve the file. At which time they gather that users information to do the same thing.
Please repeat to your users, to never open any attachment that they are not expecting. We also recommend turning on multi-factor authentication on any online account that you have.
Contact us about activating it on your individual Office 365 accounts, all of the admin accounts we already have locked down. It is not something we can turn on without instructions to the users.
You can change your password from the Office 365 portal at any time, if you feel it has been compromised. https://portal.office.com