how do I get a hacker out of my outlook mail account

Question

my account has been hacked by a scammer threatening me with blackmail emails which keeps coming into my draft and inbox folders form my own email, what can I do to get rid of this twat

Answer 1

Hello,

I am going to share with you the comprehensive list of things to do. This process can take a bit time, so please be patient as you go through it.

Please complete these steps on a computer, not on a smartphone or tablet.

====================

First, go to https://www.outlook.com and sign in.

Click the gear icon in the top right corner to open Settings.

Under Mail, review the following areas:

Rules

If any rules are listed, delete all of them.

Conditional formatting

If anything is set up there, delete it.

Forwarding and IMAP

If you see any entries or settings you did not create, remove them. Turn off POP and IMAP.

Junk

Review Safe sender and blocked list. If you don't recognize any, remove them.

After that, exit Settings and return to outlook.com.

Open the To Do section by clicking the blue checkmark icon on the left side. Delete anything there that was not created by you.

====================

Go to https://account.live.com.

Under Your info > Sign-in preferences, review all aliases on the account. If you see any alias you do not recognize, remove it.

Next, go to the Devices section of your Microsoft account and remove any devices you do not recognize.

====================

Please also do the following in Security section

Change your password

Enable two-step verification

====================

Then go to Security > Manage how I sign in and make sure all contact information belongs to you.

On that same page, scroll down to App passwords and remove any existing app passwords.

Also on the same page, click on Sign out everywhere. This is intended to disconnect any active sessions that may still be connected. Please note that this can take up to 24 hours to fully take effect.

====================

In addition, this problem can sometimes be caused by a malicious script or infection on one of your devices.

Are you using a Windows computer to check email? Do you use an email app such as Outlook Classic or New Outlook?

If so, please open the app and remove the account from the app settings.

Then go to the Microsoft Safety Scanner download page:

https://learn.microsoft.com/defender-endpoint/safety-scanner-download

Download the 64-bit version, run a full scan, and let me know what the final results say.

Answer 2

Take three parallel actions: clean your devices, lock the account down, and remove the hacker’s changes in Outlook.

1. Clean every device used with this account

• On each PC/phone/tablet that signed in to this Outlook/Hotmail account:
  • Make sure antivirus is up to date.
  • Run a full scan (not quick). If using Windows 10/11, turn on and run Windows Defender:
    • Select Start → search for Windows Defender → open it and follow the prompts.
• Do this before changing passwords so the hacker can’t keep capturing them.

2. Recover and secure the Microsoft/Outlook account

• Use the official sign-in helper / recovery path for hacked or blocked accounts:
  • Start from the hacked/compromised flow: How to recover a hacked or compromised Microsoft account.
  • If the account is blocked, use Sign-in Helper from Unblock my Outlook.com account.
• When prompted, change the password to a strong, unique one (not used on any other site).
• If you can’t sign in:
  • Use the recovery form and follow the guidance in How to recover a hacked or compromised Microsoft account.
• After regaining access:
  • Turn on two-step verification / Microsoft Authenticator.
  • Add or update alternate email and mobile phone as security info so recovery is easier next time.

3. Kick the hacker out of active sessions and app access Once signed back in and on a clean device:

• Go to the Microsoft account security page and:
  • Use Sign out everywhere (or equivalent) to end all active sessions.
  • Review and revoke any app permissions or connected apps that are not recognized.

4. Remove malicious rules and forwarding in Outlook.com The repeating blackmail drafts strongly suggest the hacker set up rules or automation.

• Sign in to Outlook on the web (Outlook.com).
• Open Settings → Mail → Rules:
  • Delete any rules that look suspicious (unfamiliar names, rules that create drafts, forward, or auto-send mail).
• Still in Settings → Mail:
  • Check Forwarding and remove any forwarding addresses not set personally.
  • Check Automatic replies and turn them off or remove any text the hacker added.
• If using a work/school account with admin access, also review mail flow rules and hidden inbox rules as described in the Outlook rules/forms attack guidance.

5. Check recent account activity

• Visit the recent activity page: https://account.live.com/activity.
• Review sign-ins and security events:
  • Mark anything that isn’t recognized as “This wasn’t me”.
  • This helps Microsoft protect and lock down the account further.

6. Protect contacts and watch for phishing

• From another safe account or via phone/social, warn important contacts that the Outlook address was compromised and may send scam/blackmail emails.
• Tell them not to open links or attachments from that address until confirmed.

7. If recovery keeps failing or drafts persist

• If the automated recovery keeps erroring or the account remains blocked, use official Outlook.com support:
  • Sign in to Outlook.com, select Help on the menu bar, describe the issue, then under Still need help? choose to Chat with a support agent.
• If the account is fully locked and sign-in is impossible, use the When you can’t sign in to your Microsoft account path linked from Unblock my Outlook.com account.

After all of this, keep the OS and apps updated, leave antivirus running with automatic updates, and periodically review account security info and recent activity.

---

References:

• How to recover a hacked or compromised Microsoft account
• Help protect your Outlook.com email account
• Phishing and suspicious behavior in Outlook
• Unblock my Outlook.com account
• Close your Outlook.com account
• My personal hotmail account hacked by hacker with authentication app enabled. - Microsoft Q&A
• Hacker set up continuous draft ransomware email - Microsoft Q&A
• Need to speak to a agent I am getting pop up draft scam emails - Microsoft Q&A