Share via

My outlook has been hacked

panagiotis mantas 0 Reputation points
2026-02-28T18:06:58.3233333+00:00

I changed my password but i am still receiving suspicious emails. Meanwhile, my sent items folder is empty. I am not sure if my account is still compromised. How do I resolve this?

Outlook | Web | Outlook.com | Account management, security, and privacy
0 comments

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. John Jefferson Doyon 62,125 Reputation points Independent Advisor
    2026-02-28T18:44:42.4633333+00:00

    Hi, I'm John!

    About the persistent draft being credited:

    If you haven't tried anything yet, please start by running a full antivirus scan on your computer using Windows Security and any third-party antivirus software you have.

    Run a full deep scan using a trusted security tool:

    To be safe, I recommend the following steps:

    Check your account rules and forwarding settings, hackers create rules that automatically forward or delete emails. You can do this in Outlook settings under Mail > Rules and Forwarding. https://support.microsoft.com/office/manage-email-messages-by-using-rules-in-outlook-c24f5dea-9465-4df4-ad17-a50704d66c59

    Just to be safe, I’d recommend to sign out everywhere. Visit: https://account.live.com/proofs/manage/additional Scroll down to Sign me out and select "Sign me out".

    After signing out everywhere, please monitor if the issue persists in the coming hours.

    "How to help keep your Microsoft account secure" https://support.microsoft.com/account-billing/how-to-help-keep-your-microsoft-account-secure-628538c2-7006-33bb-5ef4-c917657362b9

    I really hope this information is helpful! Let me know if you have any further questions or concerns.

    Regards,

    John J.D.

    1 person found this answer helpful.
    0 comments
  2. panagiotis mantas 0 Reputation points
    2026-02-28T18:10:23.1333333+00:00

    Talk to live agent

    0 comments
  3. panagiotis mantas 0 Reputation points
    2026-02-28T18:09:20.8266667+00:00

    Live agent

    0 comments
  4. Q&A Assist
    2026-02-28T18:07:19.9366667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    Follow these steps to secure the Outlook.com account and verify whether it is still compromised:

    1. Scan all devices for malware
      • Before making further changes, run a full, up-to-date antivirus scan on every PC/phone/tablet used to access Outlook.com. This is required before changing security settings to ensure attackers are not still capturing credentials.
      • If using Windows 10/11 or 8.1, turn on and run Windows Defender as described in the guidance.
    2. Change the Microsoft account password again
      • After confirming devices are clean, change the Microsoft account password once more using a strong, unique password. Use the official password change/reset options from the Microsoft account page.
    3. Check Outlook.com account settings for attacker changes
      • Sign in to Outlook.com on the web and review:
        • Inbox rules: Remove any rules that automatically move or delete messages, or forward mail to unknown addresses.
        • Forwarding: Turn off forwarding or remove any forwarding addresses that are not recognized.
        • Automatic replies: Disable any automatic replies that were not set personally.
      • These settings are commonly modified in compromised accounts and can explain why Sent Items looks empty (for example, if rules are moving or deleting messages).
    4. Review recent account activity
      • Go to the recent activity page at https://account.live.com/activity (as referenced in the documentation) and review sign-ins:
        • Check locations, IPs, and times for anything that does not match normal usage.
        • If unfamiliar activity appears, treat the account as still compromised and continue with all steps here.
    5. Secure the Microsoft account recovery options
      • Add or update alternate email addresses and mobile phone numbers in the Microsoft account security settings so recovery is possible if the account is compromised again.
    6. Use Outlook.com safety indicators and treat suspicious mail as phishing
      • For new messages:
        • Look for the trusted sender icon and mail header; if it is not present and the message seems suspicious, verify with the sender before opening attachments or clicking links.
        • Pay attention to yellow safety bars (blocked content) and red safety bars (content blocked as unsafe). Delete messages that show a red safety bar.
      • Many suspicious emails may be phishing attempts rather than a sign of ongoing compromise.
    7. If the account appears hacked or behavior continues
      • If there are still signs of compromise (unexpected drafts, rules reappearing, more suspicious activity in recent activity), follow the full hacked-account recovery guidance and sign-in helper flow for Outlook.com/Microsoft accounts to lock out the attacker and restore settings.

    After completing these steps, continue to monitor recent activity and mailbox behavior. If suspicious sign-ins stop and no new malicious rules or forwarding appear, the account is likely secured; ongoing unusual activity indicates further recovery steps are needed.

    References:

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.