Share via

Malicious draft email keep appearing in my mailbox.

Maria Saparova 20 Reputation points
2026-02-03T04:22:49.96+00:00

Hi, I got hacked on my hotmail.com account. I have managed to change my password, I have canceled the forwarding rules that were enabled, I have asked to sign me out of all devices (the support message mentioned it might take up to 24hrs).

I have checked that there are no connected devices to my account. I have checked the account activity which looks like last unauthorized account sign in was 6 hours ago from Ecuador.

However, the draft emails with ransom letter keep appearing every 2 minutes. I'm not sure if that means that someone still has access to my mailbox and can do more damage.

Could you please assist me with verifying if anyone still has unauthorized access to my mailbox? How can I make sure that unauthorized access has been terminated?

Outlook | Web | Outlook.com | Account management, security, and privacy
Answer accepted by question author
  1. Gunasekar N 56,810 Reputation points Independent Advisor
    2026-02-03T06:07:28.17+00:00

    Hello, thank you for reaching out to Microsoft Q&A.

    There have been many reports of scam and spoof emails in Outlook, similar to what you’re seeing. This can happen if you signed in to a fake or malicious website, and someone got access to your account details.

    Just leave the draft alone and follow the security steps (password reset, sign out everywhere, and turn on two-step verification) to protect your account.

    1. Reset your Microsoft account password.

    Open an InPrivate/Incognito browser window and use the following link to reset your password: https://account.live.com/ResetPassword.aspx

    2. Sign out of your account from all sessions.

    Once the password reset is successful, sign in with your account here: https://account.live.com/proofs/Manage

    Scroll down until you find Sign out everywhere. Select Sign out everywhere.

    3. Enable two-step verification.

    On the Security settings page, under Additional security, turn on Two-step verification. Make sure you have at least three security verification methods active.

    After you have enabled these security protections, sign out of your account in the Outlook app and sign back in with your new password.

    The draft message in your inbox should disappear within 24–48 hours.

    In addition to this, open Microsoft To Do and delete all the drafts in the 'My Day' section or in the 'Task lists' where you see the drafts. To open To Do

    In the https://outlook.live.com/ online, select ToDo in the left pane to launch it.

    Click on a draft task and delete it.

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Maria Saparova 20 Reputation points
    2026-02-03T04:25:04.7133333+00:00

    I have tried to do all what has been suggested, the draft emails still appear in my mailbox

    0 comments
  2. Gunasekar N 56,810 Reputation points Independent Advisor
    2026-02-03T07:41:44.49+00:00

    Maria,

    After you remove the tasks from To Do, it can take some time for the changes to sync to the Outlook servers (this usually happens in the background for your account). Because of this, it may take up to 12 hours or more for the drafts to completely disappear from your hotmail email account.

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.