hacked email

Question

My outlook has been hacked, changed my password, looked for virus, none found. I am getting emails from self. I think from the draft account. Any ideals

Answer 1

Hello,

I am going to share with you the comprehensive list of things to do, please feel free to skip those you already did. This process can take a bit time, so please be patient as you go through it.

Please complete these steps on a computer, not on a smartphone or tablet.

====================

First, go to https://www.outlook.com and sign in.

Click the gear icon in the top right corner to open Settings.

Under Mail, review the following areas:

Rules

If any rules are listed, delete all of them.

Conditional formatting

If anything is set up there, delete it.

Forwarding and IMAP

If you see any entries or settings you did not create, remove them. Turn off POP and IMAP.

Junk

Review Safe sender and blocked list. If you don't recognize any, remove them.

After that, exit Settings and return to outlook.com.

Open the To Do section by clicking the blue checkmark icon on the left side. Delete anything there that was not created by you.

====================

Go to https://account.live.com.

Under Your info > Sign-in preferences, review all aliases on the account. If you see any alias you do not recognize, remove it.

Next, go to the Devices section of your Microsoft account and remove any devices you do not recognize.

====================

Please also do the following in Security section

Change your password

Enable two-step verification

====================

Then go to Security > Manage how I sign in and make sure all contact information belongs to you.

On that same page, scroll down to App passwords and remove any existing app passwords.

Also on the same page, click on Sign out everywhere. This is intended to disconnect any active sessions that may still be connected. Please note that this can take up to 24 hours to fully take effect.

====================

In addition, this problem can sometimes be caused by a malicious script or infection on one of your devices.

Are you using a Windows computer to check email? Do you use an email app such as Outlook Classic or New Outlook?

If so, please open the app and remove the account from the app settings.

Then go to the Microsoft Safety Scanner download page:

https://learn.microsoft.com/defender-endpoint/safety-scanner-download

Download the 64-bit version, run a full scan, and let me know what the final results say.

Answer 2

The behavior strongly suggests the account is still compromised or has malicious rules/add-ins configured, even though the password was changed and no virus was found locally. Use these steps to clean it up and secure it:

1. Secure devices first
   1. Run a full, up-to-date antivirus scan on every device used to access Outlook/your Microsoft account (PC, phone, tablet). Do this before changing any more passwords.
   2. Ensure Windows is fully updated.
2. Reset and harden the Microsoft account
   1. After scans complete, change the Microsoft account password again using a known-clean device: change your password or, if needed, reset your password.
   2. Use a strong, unique password not used on any other site.
   3. Turn on two-step verification / multifactor authentication for the account if not already enabled.
3. Check for malicious rules, forwarding, and auto‑replies (Outlook on the web)
   1. Sign in to Outlook on the web.
   2. Go to Settings → Mail → Rules and delete any rules you do not recognize (especially ones that move mail to Drafts, Junk, or another folder, or that forward/copy messages).
   3. Go to Settings → Mail → Forwarding and remove any forwarding addresses you did not set up.
   4. Go to Settings → Mail → Automatic replies and turn off any auto‑replies you did not configure.
4. Review account security and recent activity
   1. Visit the recent activity page at https://account.live.com/activity and review sign‑ins and security events.
   2. If unfamiliar locations/devices appear, use the options there to secure the account and sign out of suspicious sessions.
   3. Add or confirm alternate email and mobile phone as security info so recovery is easier in the future.
5. Sign out everywhere and revoke suspicious access
   1. From the Microsoft account security pages, use options such as “Sign out everywhere” (if available) to invalidate existing sessions.
   2. Review connected apps and services and remove any you do not recognize.
6. Clean up Outlook on the desktop
   1. If messages are still appearing from “self” after the above steps, start classic Outlook in safe mode to rule out add‑ins:
      • Press the Windows key, type outlook.exe /safe, then press Enter.
      • If the behavior stops in safe mode, disable or remove suspicious add‑ins.
   2. If sending/receiving issues appear, follow the guidance to repair Outlook or the profile if needed.
7. If blackmail or extortion content appears
   1. Do not pay or respond.
   2. Save evidence (headers, message content) and report to local authorities if threats are serious.

If sign‑in problems or additional hacked‑account symptoms continue, follow the full guidance in “How to recover a hacked or compromised Microsoft account” and, if necessary, use the sign‑in helper tool there to escalate.

---

References:

• How to recover a hacked or compromised Microsoft account
• Hello , welcome to Account help & learning
• Help protect your Outlook.com email account
• Phishing and suspicious behavior in Outlook
• I can't send or receive messages in Outlook
• Get help with Outlook Lite for Android
• Hacker set up continuous draft ransomware email - Microsoft Q&A
• My personal hotmail account hacked by hacker with authentication app enabled. - Microsoft Q&A
• Cannot Access Microsoft Account After Hacker Changed Email, Advice Needed - Microsoft Q&A
• hello my email was (Moderator note: PII removed)@icloud.com and now its (Moderator note: PII removed)@jerkoffmail.com can please someone help me and the team change it my username in xbox is (Moderator note: PII removed) please help me team and change it - Microsoft Q&A