Thank you for posting your question in the Microsoft Q&A forum.
I understand this situation is very urgent and requires immediate action. To provide the most accurate steps, could you please provide more details about the incident? While I cannot access your organization's information for specific details, because as a moderator I don't have the tools to access it, I can provide immediate action steps to help you.
In the meantime, based on your description, here are some urgent steps you can take to strengthen your business's security:
- Inform your IT team: This is the most critical step. If your IT team is not yet aware, notify them immediately so they can take timely technical actions.
- Call your bank right away and ask them to freeze or reverse any suspicious transactions. Time is the deciding factor in recovering lost funds.
- Temporarily disable compromised accounts. Ask your IT team to temporarily disable the compromised email account to prevent the attacker from continuing to misuse it.
- Quarantine suspicious emails. Isolate emails sent by the attacker and notify any affected users.

To prevent similar risks in the future, you should consider implementing the following measures:

- Enable Multi-Factor Authentication (MFA). Activate MFA with Conditional Access to enhance security for all accounts.
- Use Microsoft Defender for Office 365. Leverage Defender's features to optimize threat detection and reporting.
I hope this information is helpful. I look forward to receiving more details from you to assist you better.
If I've understood your situation, please help me provide more details about your request so that I can better help you with the next steps.
Looking forward to your response!