Skip to content
Vectel
Support/Security

A colleague's account is acting strangely

Sending mail in their name, rules hiding folders, unusual sign-ins. Suspicious.

Try this first

  1. 1Disable the account immediately (Microsoft 365: Active Users > user > Block sign-in). Investigate after.
  2. 2Force logout of all sessions (Microsoft Entra: user > Authentication > "Sign out all sessions").
  3. 3Check the mailbox for forwarding rules. Attackers usually create a rule that auto-forwards and deletes mail.
  4. 4Reset the password, enable MFA, then re-enable the account.
  5. 5Reach the colleague on another channel (not mail from the suspect account) to explain what happened.

When to bring us in

No experience with session revoke or mailbox rules? Do not do it alone; one missed forwarding rule and the attacker stays in. We can join within an hour.

See also

None of the above fits?

Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.

Who are you?

For the AI question we need your email and company, so we can follow up if the AI gets stuck, and to prevent abuse.

Limited to 2 questions per hour and 5 per day, kept lean so the AI stays useful. For more, contacting us directly works better for you and us.

Or skip the DIY entirely

Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.

Bring us inHow Managed IT works