Share via

Account hacked- drafts being created and pinned every 2 minutes

Sarah Fleming 5 Reputation points
2026-02-24T13:44:18.79+00:00

My account was hacked and changed to a different language and i was sent a very threatening email that included my real password. i have changed my password, put every authentication feature on, and clicked the sign out option to sign everyone out everywhere. i am still receiving drafts that are pinned and flagged at the top of my page that include the threatening message every two minutes. on top of that the other section is being spammed with the email from multiple different senders. i have checked if there are any rules, there are not. i have unpinned and unflagged and deleted the drafts, they keep coming through. I have been through three different customer service agents who have all been very unhelpful. the issue is happening on my account across every device i own so it is not a device led issue. when i was hacked the security back up information was changed, i have since changed it back. my authenticator app also informed me there was a sign in to the thunderbirds app, if that means anything.

Overall i have tried everything and am still getting these messages every two miuntes. on top of that some email content from previous emails i have recieved this week have been wiped and now solely include the threatning message. please tell me how to fix this. i have reported all the threatening emails.

Outlook | Windows | New Outlook for Windows | For home

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. EmilyS726 214.3K Reputation points Independent Advisor
    2026-02-24T14:20:00.8066667+00:00

    Hello,

    Make sure you do this on a computer, not on smartphone or tablet. Go to https://www.outlook.com and log in, click on the gear icon on the top right to launch the settings.

    Then, on the Mail tab, go to Rules. Are there any rules set up here? If yes, delete them all.

    Then check the conditional format, again, if it's there, delete it.

    Then, check Forwarding and IMAP, If any items are present, delete them as well.

    ===========

    If you can't find anything, go to https://account.live.com > Your info > Sign in Preferences. Make sure to check all the aliases here. If you don't recognize any there, delete it.

    Then go to Security > Manage How I sign in, make sure all contact info is yours. Then scroll down on the same page, look under App Password, click on remove existing app passwords as well.

    Please make sure you change your password and enable two-step verficiation.

    Go to your account online, go to Devices, remove any devices you don't recognize.

    Then go to Security, click on Sign out everywhere. This is meant to kill any session that's still connected. Unfortunately, this one will take 24 hours to take effect.

    Then, take one step further - Go to your Microsoft account online https://account.live.com> Sign in > Your info > Sign in preference. Add an alias - You have two options here:

    Create new: this will allow you to use the native domain outlook.com to create a new alias.

    Add existing: this will allow you to add a 3rd party email address, such as yahoo, gmail, as long as they are not already associated with another Microsoft account.

    Once added, make this new alias your primary alias, do NOT delete the old alias. Then at the bottom, click on "Change sign in preference". On the next page, uncheck the box for the old alias. This means, from now one, the old alias cannot be used to sign into your Microsoft account, but it can be still used to receive emails, etc.d

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.