my account was hacked and I have multiple threatening emails

Question

my account was hacked and I have multiple threatening emails

Answer 1

Hello,

I am going to share with you the comprehensive list of things to do. This process can take a bit time, so please be patient as you go through it.

Please complete these steps on a computer, not on a smartphone or tablet.

====================

First, go to https://www.outlook.com and sign in.

Click the gear icon in the top right corner to open Settings.

Under Mail, review the following areas:

Rules

If any rules are listed, delete all of them.

Conditional formatting

If anything is set up there, delete it.

Forwarding and IMAP

If you see any entries or settings you did not create, remove them. Turn off POP and IMAP.

Junk

Review Safe sender and blocked list. If you don't recognize any, remove them.

After that, exit Settings and return to outlook.com.

Open the To Do section by clicking the blue checkmark icon on the left side. Delete anything there that was not created by you.

====================

Go to https://account.live.com.

Under Your info > Sign-in preferences, review all aliases on the account. If you see any alias you do not recognize, remove it.

Next, go to the Devices section of your Microsoft account and remove any devices you do not recognize.

====================

Please also do the following in Security section

Change your password

Enable two-step verification

====================

Then go to Security > Manage how I sign in and make sure all contact information belongs to you.

On that same page, scroll down to App passwords and remove any existing app passwords.

Also on the same page, click on Sign out everywhere. This is intended to disconnect any active sessions that may still be connected. Please note that this can take up to 24 hours to fully take effect.

====================

In addition, this problem can sometimes be caused by a malicious script or infection on one of your devices.

Are you using a Windows computer to check email? Do you use an email app such as Outlook Classic or New Outlook?

If so, please open the app and remove the account from the app settings.

Then go to the Microsoft Safety Scanner download page:

https://learn.microsoft.com/defender-endpoint/safety-scanner-download

Download the 64-bit version, run a full scan, and let me know what the final results say.

Answer 2

Take immediate steps to secure the Outlook.com account and stop the threatening activity.

1. Secure the Microsoft account

• On a clean device, run a full antivirus/malware scan first (Windows Defender or another up-to-date antivirus) to ensure no malware is capturing passwords.
• After the scan completes, sign in and change the account password using the guidance in How to recover a hacked or compromised Microsoft account. Use a strong, unique password.
• If sign-in is blocked or the password was changed by the attacker, follow the hacked-account recovery flow starting from the sign-in helper: Start.

2. Check for unusual sign-ins and secure the account

• Go to the Microsoft account Security basics page.
• Select Review activity and check the Recent activity page for sign-ins or actions that are not recognized. For any suspicious entry:
  • If it appears under Unusual activity, expand it and select This wasn’t me.
  • If it appears under Recent activity, expand it and select Secure your account.
• After this review, return to Security basics and select Change password again if needed.

3. Clean up Outlook.com account settings

• In Outlook on the web, check:
  • Rules: Remove any rules that move, delete, or auto-create messages (such as threatening drafts) that were not created intentionally.
  • Forwarding: Remove any unknown forwarding addresses.
  • Automatic replies: Turn off any replies the attacker may have set.
• Also review connected accounts and app permissions and remove anything not recognized.

4. Strengthen protection going forward

• Add alternate email addresses and a mobile phone number as security info so recovery is easier if the account is hacked again. See the guidance in Add an alternate email address and mobile phone number to your account.
• Add another way to sign in or verify identity from the Advanced security options page and keep all verification methods up to date.
• Avoid staying signed in on public or shared computers; always sign out and close the browser when finished.

5. Handle the threatening emails

• Do not reply to or engage with the threats.
• Mark threatening or blackmail messages as junk or phishing in Outlook.com so they are filtered.
• If the messages contain extortion or credible threats, preserve them and report to local law enforcement.

6. Monitor for further issues

• Regularly review the Recent activity page for new unusual sign-ins.
• Ensure the operating system and antivirus on all devices are kept up to date.

---

References:

• How to recover a hacked or compromised Microsoft account
• Hello , welcome to Account help & learning
• What happens if there's an unusual sign-in to your account
• Help protect your Outlook.com email account
• Phishing and suspicious behavior in Outlook
• How to help keep your Microsoft account secure
• Hacker set up continuous draft ransomware email - Microsoft Q&A
• My personal hotmail account hacked by hacker with authentication app enabled. - Microsoft Q&A
• Cannot Access Microsoft Account After Hacker Changed Email, Advice Needed - Microsoft Q&A
• hello my email was (Moderator note: PII removed)@icloud.com and now its (Moderator note: PII removed)@jerkoffmail.com can please someone help me and the team change it my username in xbox is (Moderator note: PII removed) please help me team and change it - Microsoft Q&A