Sending, receiving, and organizing email in Outlook.com
This Outlook.com account is heavily compromised and the attacker still has active access. Immediate steps are:
- Clean all devices used with this account
  - On every PC where this Outlook.com account was used, run a full antivirus/malware scan before doing anything else. If running Windows 10/11 or 8.1, use Windows Defender:
    - Select Start.
    - Search for Windows Defender and open it.
    - Turn on protection and run a full scan.
  - Do the same on phones/tablets (use their built‑in or trusted security apps). Do not sign back into the Microsoft account from any device until scans are clean.
- Regain control of the Microsoft account
  - Use the official hacked/compromised account flow:
    - Go to How to recover a hacked or compromised Microsoft account and start the sign‑in helper tool. It will ask for the email or phone and guide through self‑help or offer an agent chat.
  - If sign‑in is still possible, immediately:
    - Change the password again using the change your password link in the article.
    - Ensure the new password is strong and unique.
  - If sign‑in is no longer possible because the attacker changed the password and removed the phone:
    - Use the account recovery form linked from the same article and provide as much accurate information as possible (old passwords, contacts, subjects of recent emails, etc.).
    - If the form fails or shows temporary errors, wait for the lockout period to expire and try again from a familiar device and network.
- Lock out the attacker and remove persistence (if access is regained)
  After successfully signing back in, immediately:
  - Sign out of all sessions:
    - Use the Microsoft account security page option to sign out everywhere so any active attacker sessions are killed.
  - Check mailbox rules and forwarding:
    - In Outlook on the web, go to Settings → Mail → Rules and delete any suspicious rules (especially ones that create or modify drafts, move mail to unusual folders, or forward mail).
    - Go to Mail → Forwarding and remove any unknown forwarding addresses.
    - Check Automatic replies and clear any messages the attacker configured.
  - Review connected accounts and app permissions:
    - Use the connected accounts, forwarding, and automatic replies links from the hacked‑account article to verify nothing unknown is configured.
    - Remove any unknown connected accounts or apps that have access.
- Strengthen security to prevent re‑compromise
  Once the account is stable:
  - Add back secure security info:
    - Re‑add a trusted mobile number and alternate email that only the legitimate owner controls.
  - Enable strong sign‑in methods:
    - Turn on two‑factor authentication (MFA) using Microsoft Authenticator or other secure methods, following the guidance in the hacked‑account article.
    - Use a strong password and do not reuse it on any other site.
- Damage control and monitoring
  - Assume email content and attached files may have been accessed. For financial or identity documents, contact banks and relevant institutions to monitor for fraud.
  - Inform contacts from another email or channel that the Outlook.com account was compromised and that they should ignore suspicious messages from it.
  - Continue to monitor the account for:
    - Suspicious inbox rules.
    - External forwarding.
    - Unusual sent items or deleted items.
    - Frequent password change prompts or lockouts.
- If recovery keeps failing
  - If the automated recovery form and the hacked‑account helper do not restore access, use the official support contact options described in the referenced Q&A answers to reach a support agent via web chat and report:
    - Account takeover.
    - Continuous ransomware drafts.
    - Security info (phone) removed.
  - For a personal Outlook.com account, support and recovery are handled strictly through these automated and official channels; if the attacker fully replaced security info and the form cannot verify ownership, there may be no additional recovery path.
References:
- How to recover a hacked or compromised Microsoft account
- Respond to a compromised cloud email account
- Common symptoms of a compromised Microsoft 365 email account
- Phishing and suspicious behavior in Outlook
- My personal hotmail account hacked by hacker with authentication app enabled. - Microsoft Q&A
- Hacker set up continuous draft ransomware email - Microsoft Q&A
- My account got hacked. - Microsoft Q&A
- How do I send an email to Microsoft about my account being hacked and taken over by <removed> ? - Microsoft Q&A
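
The inbox-rule and forwarding review described in the answer above can be repeated during later monitoring with a small script. This is an added example, not part of the original answer and not Microsoft code. It assumes the mailbox rules were exported as JSON in the shape of the Microsoft Graph `messageRule` resource; the sample data, the addresses and the `audit_rules` name are constructed for illustration.

```python
import json

# Constructed sample in the shape of a Microsoft Graph messageRule list
# response; rule names, folder ids and addresses are invented.
SAMPLE = json.loads("""
{"value": [
  {"displayName": "Newsletters", "isEnabled": true,
   "conditions": {"senderContains": ["news@example.org"]},
   "actions": {"moveToFolder": "folder-id-1"}},
  {"displayName": ".", "isEnabled": true,
   "conditions": {"subjectContains": ["security", "password", "verify"]},
   "actions": {"moveToFolder": "folder-id-2", "markAsRead": true,
               "stopProcessingRules": true}},
  {"displayName": "sync", "isEnabled": true,
   "actions": {"forwardTo": [{"emailAddress": {"address": "Drop@Example.net"}}]}}
]}
""")

FORWARD_KEYS = ("forwardTo", "redirectTo", "forwardAsAttachmentTo")
HIDE_KEYS = ("delete", "permanentDelete", "markAsRead")

def audit_rules(rules, trusted_addresses):
    """Return (rule name, reasons) for rules that forward mail to unknown
    addresses or hide incoming mail; a plain move to a folder is not flagged."""
    trusted = {a.lower() for a in trusted_addresses}
    findings = []
    for rule in rules:
        actions = rule.get("actions") or {}
        reasons = []
        for key in FORWARD_KEYS:
            for rcpt in actions.get(key) or []:
                addr = (rcpt.get("emailAddress") or {}).get("address", "").lower()
                if addr not in trusted:
                    reasons.append(f"{key} to unknown address {addr}")
        hiding = [k for k in HIDE_KEYS if actions.get(k)]
        if hiding:
            reasons.append("hides mail: " + ", ".join(hiding))
        if reasons and not rule.get("conditions"):
            reasons.append("applies to all mail (no conditions)")
        if reasons:
            findings.append((rule.get("displayName", ""), reasons))
    return findings

if __name__ == "__main__":
    for name, reasons in audit_rules(SAMPLE["value"], {"owner@example.com"}):
        print(f"review rule {name!r}: " + "; ".join(reasons))
```

A flagged rule is a prompt for manual review in Settings → Mail → Rules, since legitimate rules can also mark mail as read or delete it.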