Share via

Urgent: My Outlook.com Mailbox Is Rewriting All Incoming Emails (Server‑Side Compromise)

Marlene Green 0 Reputation points
2026-02-24T06:19:01.1866667+00:00

Hello Microsoft Support Team,

I need urgent assistance with my Outlook.com account. My mailbox appears to have been compromised at the server level, and all incoming emails are being altered automatically.

Here are the key details:

  • The entire body of every incoming email is being replaced with the same scam message.
  • The alteration happens only in Outlook Web, which means the modification is occurring before the message is displayed, on Microsoft’s servers.
  • I have already secured my account by:
    • Changing my password
      • Enabling multi‑factor authentication
        • Signing out of all sessions
          • Removing all connected devices
            • Removing all inbox rules, sweep rules, and junk filters
              • Confirming that no apps or services have mail permissions
                • Verifying that forwarding is disabled
                • I previously saw unauthorized sign‑ins from Germany, the UK, and Japan, but those stopped after securing the account.

Despite all of this, the issue continues. This suggests there may be:

  • A hidden inbox rule not visible in the Outlook.com UI
  • A malicious transport rule
  • A corrupted mailbox processing agent
  • Or another server‑side persistence mechanism left behind by the attacker

I kindly request that you perform a full mailbox reset, including:

  1. Removal of any hidden inbox or transport rules ?
  2. Purging of any malicious mailbox agents ?
  3. Resetting mailbox metadata ?
  4. Forcing a clean rebuild of mailbox processing components ?

This issue is severely impacting my ability to receive legitimate email, and I would appreciate your help resolving it as soon as possible!!

Outlook | Web | Outlook.com | Account management, security, and privacy

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Jaspauela 5 Reputation points
    2026-03-02T19:23:11.2433333+00:00

    I am also having this issue. Only resolution from microsoft so far is to complete their ATO form: support.xbox.com/forms/recover-your-microsoft-account. This was referred after back and forth with the support chat. I just submitted the form and waiting for resolution.

    In the meantime (after also completing all the steps you mentioned above), I set up my own rule that copies emails to a new folder within my account. There I am able to view the emails in their original format/text. My inbox still rewrites everything, but at least I can view original version.

    I will update here if there is any resolution via Microsoft ATO submission.

  2. Q&A Assist
    2026-02-24T06:19:40.3266667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    It sounds like your Outlook.com account is indeed experiencing severe issues that could be related to a compromise. Since you've already taken several important steps to secure your account, such as changing your password and enabling multi-factor authentication, here are some additional actions you can consider:

    1. Check for Hidden Inbox Rules: Even though you've removed all visible inbox rules, there could still be hidden rules. You can use PowerShell to view all inbox rules if you have access to Exchange Online PowerShell.
    2. Transport Rules: Malicious transport rules can be set up at the server level. If you have administrative access, check the transport rules in the Exchange admin center.
    3. Mailbox Processing Agents: If you suspect a corrupted mailbox processing agent, you may need to contact Microsoft support directly for assistance, as they can perform deeper diagnostics and potentially reset your mailbox processing components.
    4. Full Mailbox Reset: Unfortunately, a full mailbox reset is not something that can be done by users. You will need to reach out to Microsoft Support directly for this level of assistance. They can help remove any hidden rules, purge malicious agents, and reset mailbox metadata.
    5. Monitor for Unauthorized Access: Continue to monitor your account for any unauthorized access attempts. Make sure to review the sign-in activity in your account settings.

    Since this issue is impacting your ability to receive legitimate emails, contacting Microsoft Support directly is crucial for a resolution. They have the tools necessary to investigate server-side issues and can assist you in restoring your mailbox to normal functionality.

    References:

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.