Share via

Hacker set up continuous draft ransomware email

Natalie S Copeland 25 Reputation points
2025-11-17T18:06:13.65+00:00

Hi, My account got hacked. I've changed my password and set up authenticator, but the hacker seems to have set up some rule to continuously create a draft ransomware email. I deleted a rule that I found that said something Demon. How do i stop this?

Outlook | Windows | New Outlook for Windows | For home
Answer accepted by question author and recommended by moderator
  1. Anonymous
    2025-11-17T19:12:14+00:00

    Hello Natalie,

    To stop this completely, you’ll need to do a thorough cleanup, Sign in to Outlook Web and check Settings → Mail → Rules for any suspicious rules (like the “Demon” one you found) and delete them. Also check Mail → Forwarding and remove any unknown forwarding addresses. Next, go to Microsoft Account Security and use Sign out everywhere to kill all active sessions.

    Then visit Manage App Permissions and revoke any apps you don’t recognize, hackers often use these to maintain access. If you have Microsoft 365 admin access, review Exchange Admin Center → Mail Flow → Rules and run PowerShell commands like Get-InboxRule -Mailbox youraddress@example.com to find and remove hidden rules.

    Finally, reset your password again, keep MFA enabled, and monitor sign-in logs for suspicious activity. Microsoft also recommends checking for connectors or add-ins that might have been installed.

    This might help

    https://learn.microsoft.com/en-us/defender-office-365/detect-and-remediate-outlook-rules-forms-attack

    0 comments

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Natalie S Copeland 25 Reputation points
    2025-11-20T00:01:26.7666667+00:00

    Went into "to do" and saw the flag there. Deleted it. Then deleted from my email. and have not gotten another one. Either they ran out of time to do it or that cleared it after removing the rule.

    0 comments
  2. Q&A Assist
    2025-11-17T18:07:24.7866667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    To stop the continuous creation of draft ransomware emails in your Outlook account, you should take the following steps:

    1. Check for Additional Rules: Besides the rule you already deleted, check for any other suspicious inbox rules that may have been created by the hacker. Look for rules that might be set to create drafts or forward emails.
    2. Reset Your Password Again: Since your account was compromised, it’s advisable to reset your password again to ensure that the hacker cannot access your account.
    3. Review Account Activity: Check your recent account activity for any unauthorized actions or changes. This includes checking sent items for emails you did not send.
    4. Enable Multi-Factor Authentication (MFA): If you haven't already, ensure that MFA is enabled on your account for added security.
    5. Scan for Malware: Run a full antivirus scan on your devices to ensure that no malware is present that could be causing this issue.
    6. Contact Support: If the problem persists, consider contacting Microsoft support for further assistance in securing your account and stopping the malicious activity.

    Taking these steps should help you regain control over your account and prevent further unauthorized actions.

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.