Has Someone Logged Into Your Microsoft 365 Account? (True for other email providers too!)
First things first: Your email account is EVERYTHING. Think about it; if somebody had access to your email account, they could authorize almost anything. If your account has been compromised, you need to take action. Here's how to tell: 1) Log into your Microsoft 365 portal by going to Office.com and logging in using your email address and email password. 2) In the upper-right-hand corner, click on the picture of you, or your picture placeholder, and choose "My Account."
3) Go to your "Recent Logins." If you see unsuccessful logins to your account from far away places, someone or something is trying to login to your account and will keep trying. BUT - if you see successful logins that you do not recognize, this is cause for alarm. a) Change your password. b) Choose the links to "Sign out everywhere."
What's next? 1) Multi-factor authentication (MFA) is probably in your future. In fact, Microsoft has indicated that MFA will be required by October 2022. That's when, upon logging in, you're asked to submit a 6-digit code, or otherwise authorize that login. Per Microsoft, this is effective. Very effective. So do that, and keep an eye on those Recent Logins. 2) Don't use a weak password. Follow the rules: 8 characters or more; include an upper-case letter, a lower-case letter, a number, and a special character. Don't include your birthday, your address, or your phone number. 3) Assume all your emails are being read by somebody else. Don't email passwords.
More to follow, but FIRST THING: check your M365 portal for nefarious login attempts.