Share via

email was hacked

Hector Lugo 0 Reputation points
2026-03-04T18:17:15.7866667+00:00

I received an email from my same email with a invitation and I clicked on it and now it sent the same email to all of my contacts and emails

Outlook | Web | Outlook.com | Account management, security, and privacy
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. John Jefferson Doyon 65,640 Reputation points Independent Advisor
    2026-03-04T18:52:08.8966667+00:00

    Hi, I'm John!

    First, secure your account right away:

    1. Go to the Microsoft security page: https://account.microsoft.com/security
    2. Change your password immediately. Use a strong, new password you have not used before.
    3. Turn on Two-Step Verification if it is not enabled.

    Then check these:

    1. Check email rules
    • Sometimes hackers add rules that keep sending messages.
    • Open Outlook/Hotmail in a browser
    • Go to Settings > Mail > Rules
    • Delete anything you do not recognize.
    1. Check connected apps
    1. Scan your device
    • Run a full antivirus scan on your computer to make sure there is no malware.

    Click "Add comment" to let me know.

    Regards,

    John J.D.

    0 comments
  2. Q&A Assist
    2026-03-04T18:17:29.5566667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    Take these steps immediately to contain the issue and secure the Outlook.com account:

    1. Stop interacting with the message
    • Do not click any more links or open attachments from that email or similar ones.
    • Delete the phishing message from Inbox and Deleted Items.
    1. Run a malware/virus scan on devices
    • Before changing passwords, run a full antivirus scan on every device used to access the email (PC, phone, tablet). Make sure the antivirus is up to date.
    • If using Windows 10/11 or 8.1, turn on and run a full scan with Windows Defender as described in the guidance.
    1. Change the Microsoft account password
    • After confirming devices are clean, sign in to the Microsoft account and change the password to a strong, unique one. If sign-in is not possible, use the password reset option.
    1. Check Outlook.com account settings for compromise After regaining access, review and fix any changes an attacker might have made:
    • Check Inbox rules for suspicious rules that forward, delete, or move messages automatically and remove anything not created intentionally.
    • Check Forwarding and remove any unknown forwarding addresses.
    • Check Automatic replies and turn them off if they were enabled by the attacker.
    1. Look for signs of further compromise
    • Review Sent Items and Deleted Items for messages that were sent without knowledge (like the invitation that went to all contacts).
    • If any contacts received suspicious emails, notify them from a clean message that the account was compromised and they should delete the earlier email and not click any links.
    1. Strengthen ongoing protection
    • Enable two-step verification (multi-factor authentication) on the Microsoft account.
    • Ensure the password is not reused on other sites. If it is, change passwords on those sites as well.
    • Be cautious of future emails that:
      • Ask for passwords or personal information.
      • Claim the account will be closed or deactivated unless a link is clicked.
      • Come from domains that don’t match the real service or show as unverified in Outlook.

    If there are indications that the Microsoft account itself has been hacked beyond just sending spam (for example, password change notices not initiated, or sign-in issues), follow the full hacked/compromised account recovery steps.

    References:

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.