i was hacked

Question

my email has been hacked. i have changed my password but they still seem to have access and keep sending the same email over and over. have also created folders i cannot delete.

Answer 1

Hello,

I am going to share with you the comprehensive list of things to do, please feel free to skip those you already did. This process can take a bit time, so please be patient as you go through it.

Please complete these steps on a computer, not on a smartphone or tablet.

====================

First, go to https://www.outlook.com and sign in.

Click the gear icon in the top right corner to open Settings.

Under Mail, review the following areas:

Rules

If any rules are listed, delete all of them.

Conditional formatting

If anything is set up there, delete it.

Forwarding and IMAP

If you see any entries or settings you did not create, remove them. Turn off POP and IMAP.

Junk

Review Safe sender and blocked list. If you don't recognize any, remove them.

After that, exit Settings and return to outlook.com.

Open the To Do section by clicking the blue checkmark icon on the left side. Delete anything there that was not created by you.

====================

Go to https://account.live.com.

Under Your info > Sign-in preferences, review all aliases on the account. If you see any alias you do not recognize, remove it.

Next, go to the Devices section of your Microsoft account and remove any devices you do not recognize.

====================

Please also do the following in Security section

Change your password

Enable two-step verification

====================

Then go to Security > Manage how I sign in and make sure all contact information belongs to you.

On that same page, scroll down to App passwords and remove any existing app passwords.

Also on the same page, click on Sign out everywhere. This is intended to disconnect any active sessions that may still be connected. Please note that this can take up to 24 hours to fully take effect.

====================

In addition, this problem can sometimes be caused by a malicious script or infection on one of your devices.

Are you using a Windows computer to check email? Do you use an email app such as Outlook Classic or New Outlook?

If so, please open the app and remove the account from the app settings.

Then go to the Microsoft Safety Scanner download page:

https://learn.microsoft.com/defender-endpoint/safety-scanner-download

Download the 64-bit version, run a full scan, and let me know what the final results say.

Answer 2

Follow these steps to fully secure the Outlook.com account and stop the repeated emails and undeletable folders:

1. Clean all devices used to access the account
   • Run a full, up-to-date antivirus/malware scan on every PC/phone/tablet used with this email.
   • If malware is found, remove it and restart the device before continuing.
2. Change the Microsoft account password again
   • After confirming devices are clean, go to the Microsoft account security page and change the password to a strong, unique one (at least 12+ characters, mix of letters, numbers, symbols).
   • Do not reuse any old password.
3. Enable and enforce strong sign-in security
   • Turn on multi-factor authentication (MFA), for example with Microsoft Authenticator, so a password alone is not enough to sign in.
   • Add and verify alternate email and mobile phone as security info so recovery is easier if this happens again. See the guidance under “Add an alternate email address and mobile phone number to your account.”
4. Sign out everywhere and revoke access
   • Use the Microsoft account security options to sign out of all active sessions on all devices.
   • Review and remove any unknown or suspicious apps or services that have access to the account.
5. Remove malicious rules, forwarding, and auto-actions In Outlook on the web:
   • Go to Settings → Mail → Rules and delete any rule that:
     • Moves messages to strange folders
     • Sends auto-replies
     • Forwards or redirects mail
     • Mentions suspicious names (for example, rules similar to the “Demon” or other random names seen in similar attacks).
   • Go to Mail → Forwarding and remove any forwarding address that is not recognized.
   • Check Automatic replies and turn them off if they were enabled by the attacker.
   Attackers often use rules and forwarding to:
   • Auto-create or resend threatening or spam emails
   • Hide incoming security alerts
6. Check recent account activity
   • Visit the recent activity page at https://account.live.com/activity (as referenced in the protection article) to see where and when the account has been accessed.
   • Mark any unfamiliar sign-ins or activities as “This wasn’t me” and follow the prompts.
7. Deal with the repeating draft/sent emails and folders
   • After removing all malicious rules and signing out everywhere, the repeated email creation should stop.
   • Try deleting the unwanted folders again in Outlook on the web.
   • If folders still cannot be deleted, wait a short period after cleaning rules and sessions, then try again from Outlook on the web (not just a desktop or mobile app), as server-side rules are usually the cause.
8. If the account appears still compromised or blocked
   • Use the Sign-in Helper / hacked-account troubleshooter to guide through recovery and, if needed, connect to support: start from the “How to recover a hacked or compromised Microsoft account” article and use the Start or Sign-in Helper link.
   • If the account becomes blocked due to unusual activity, follow the steps in Unblock my Outlook.com account using the Sign-in Helper button there.
9. Protect against future attacks
   • Be cautious with links and attachments, especially those that trigger yellow or red safety bars in Outlook.com.
   • Only trust messages that show the trusted sender indicators described in the Outlook.com protection article.
   • Keep operating systems and apps updated and ensure antivirus is always on and updating automatically.

If, after all of this, the attacker still seems to have control (rules reappear, folders recreate, or sign-ins from unknown locations continue), repeat the malware scans, change the password again from a known-clean device, and use the hacked-account recovery guide to escalate via the automated tools.

---

References:

• How to recover a hacked or compromised Microsoft account
• Help protect your Outlook.com email account
• Unblock my Outlook.com account
• Hello , welcome to Account help & learning
• Fixes or workarounds for recent issues on Outlook.com
• Close your Outlook.com account
• Hacker set up continuous draft ransomware email - Microsoft Q&A
• I have seen great advice for deleting the idtienphuoc1 Rule but none for stopping it from re-adding itself - Microsoft Q&A
• My personal hotmail account hacked by hacker with authentication app enabled. - Microsoft Q&A
• hello my email was (Moderator note: PII removed)@icloud.com and now its (Moderator note: PII removed)@jerkoffmail.com can please someone help me and the team change it my username in xbox is (Moderator note: PII removed) please help me team and change it - Microsoft Q&A