What to do if you think your account has been compromised

If you’ve clicked a suspicious link, entered your credentials on a site you don’t trust, noticed unusual activity on your account, or shared information you shouldn’t have, act quickly. The faster you let us know, the more we can do to contain the incident.

What to do immediately

  • Raise a support ticket immediately. This is the most important step. Tell us what happened, what you clicked or entered, and when it happened. We’ll take it from there.
  • Don’t change your password or sign out of your account unless we’ve asked you to. We may need your active sessions and current state to investigate properly.
  • Stop using the affected account until you hear back from us. If you need to keep working, use a different device if possible.

What we’ll do

Once we receive your ticket, we’ll assess the situation and take the appropriate steps to secure your account. Depending on what’s happened, this could include resetting your credentials, revoking active sessions, reviewing sign-in activity, checking for mailbox rules or forwarding that may have been set up by an attacker, and scanning for any wider impact.

We’ll keep you updated throughout and let you know once your account is secure.

Signs your account may have been compromised

Sometimes you won’t realise straight away. Look out for:

  • Emails in your Sent folder that you didn’t send
  • Password reset notifications you didn’t request
  • Colleagues or contacts telling you they’ve received strange emails from you
  • Unexpected MFA prompts that you didn’t trigger
  • Rules or forwarding set up in your mailbox that you didn’t create

If you notice any of these, raise a support ticket immediately. Don’t wait to see if it happens again.

How to reduce the risk

A few habits significantly reduce the chance of your account being compromised:

  • Never enter your password on a page you reached through an unexpected email link
  • Always check the URL in the address bar before entering credentials
  • Keep MFA enabled and approve prompts only when you’re actively signing in
  • Report suspicious emails using the Report button in Outlook rather than engaging with them