@msn.com hijacked to @outlook.com

Question

My mail was hijacked, someone created a rule that sent all my mail to a folder I didn’t create that then reroutes the mail to [my username]@outlook.com. I can‘t access the @outlook domain. I changed my password and deleted the rule from outlook. Is there something else I need to do?

Answer 1

If your email account has been hijacked and a rule has been created to reroute your emails, it's crucial to take additional steps beyond just changing your password and deleting the rule. Here are some recommended actions:

1. Enable Multi-Factor Authentication (MFA): This adds an extra layer of security to your account and can prevent unauthorized access.
2. Check for Other Rules: Ensure that there are no other suspicious rules set up in your email account that could redirect your emails.
3. Review Account Activity: Look for any unusual activity in your account, such as sent emails you did not send or changes to your account settings.
4. Secure Your Account: Consider using the Microsoft Defender portal to investigate any suspicious activity and take necessary actions to secure your account.
5. Contact Support: If you are unable to regain full access or if the issue persists, consider reaching out to Microsoft support for further assistance.

Taking these steps can help you regain control of your email account and prevent future incidents.

---

References:

• Respond to a compromised cloud email account
• Common symptoms of a compromised Microsoft 365 email account

Answer 2

Hi Ruth Fleming-Stephens

Thank you for reaching out to Microsoft Q&A Forum. I'm glad you caught this and already changed your password and deleted the malicious rule, those were the right first steps. However, since your account was compromised, there are additional critical security checks you need to check to ensure the hacker is fully locked out:

Just to confirm, when you say you "can’t access the @outlook.com domain", do you mean:

• it appears as an alias on your Microsoft account but you can’t sign in with it, or
• it looks like a separate account you never created?

In the meantime, please try these steps:

1. Check your aliases (this relates to the @outlook.com you mentioned)

It sounds like the hacker may have created an alias or connected account:

• Sign in to https://account.microsoft.com/profile
• Under Account info, review your aliases and remove anything you didn’t add.
• Also note: you can sign in with any alias on the account using the same password, so if it is your alias, you should be able to access it once you’re signed in.
• You can see Add or remove an email alias in Outlook.com - Microsoft Support

2. Review all inbox rules again

Double-check there aren't additional hidden rules:

• In Outlook on the web, go to Settings > Mail > Rules
• Confirm no suspicious rules exist that you didn't create

3. Check for email forwarding and sweep settings

• Still in Outlook web, go to Settings > Mail > Forwarding/ Sweep
• Turn off forwarding if it's enabled
• Ensure no sweep rules are automatically moving/deleting emails

4. Review and secure your recovery information:

The hacker may have changed your security info:

• Go to https://account.microsoft.com/security > Manage how I sign in 
• Remove any unfamiliar sign‑in methods you don’t recognize 
• Check the list of devices associated with your account 

5. Review and secure recent sign‑in  

• Check Recent activity at https://account.microsoft.com/activity  
• Choose This wasn’t me/ Secure your account for anything suspicious and Sign out everywhere
• Turn on Two-step verification: How to use two-step verification with your Microsoft account - Microsoft Support

For more details, you can also see this official guide: How to help keep your Microsoft account secure - Microsoft Support

Thanks for your time and understanding. Please feel free to let me know how it goes.

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".    

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.