email hacked

Question

my hotmail is receiving emails, converting them to ransom notes, moving them to deleted items, then deleting them completely

Answer 1

Hi, I'm John! I will help you with this.

About the persistent draft being credited:

If you haven't tried anything yet, please start by running a full antivirus scan on your computer using Windows Security and any third-party antivirus software you have.

Run a full deep scan using a trusted security tool:

• Download and run Microsoft Safety Scanner here: https://learn.microsoft.com/defender-endpoint/safety-scanner-download
• After running the scan, please restart your PC and monitor whether the issue continues.

---

To be safe, I recommend the following steps:

Check your account rules and forwarding settings, hackers create rules that automatically forward or delete emails. You can do this in Outlook settings under Mail > Rules and Forwarding. https://support.microsoft.com/office/manage-email-messages-by-using-rules-in-outlook-c24f5dea-9465-4df4-ad17-a50704d66c59

Just to be safe, I’d recommend to sign out everywhere. Visit: https://account.live.com/proofs/manage/additional Scroll down to Sign me out and select "Sign me out".

• After signing out everywhere, please monitor if the issue persists in the coming hours.

---

"How to help keep your Microsoft account secure" https://support.microsoft.com/account-billing/how-to-help-keep-your-microsoft-account-secure-628538c2-7006-33bb-5ef4-c917657362b9

---

I really hope this information is helpful! Let me know if you have any further questions or concerns.

Regards,

John J.D.

Answer 2

The mailbox is almost certainly compromised and being controlled by malicious inbox rules or forwarding settings. Use the following steps to regain control and stop the ransom drafts/deletions.

1. Secure all devices first

• Run a full, up-to-date antivirus/malware scan on every device used to access Outlook.com (PC, phone, tablet).
• Install updates for the operating system and browser on those devices.

2. Regain and harden account access

• Follow the guidance in How to recover a hacked or compromised Microsoft account to secure the Microsoft account:
  • Use the sign-in helper/recovery flow if sign-in is blocked.
  • After access is restored, immediately change the password to a strong, unique one.
  • Add or confirm alternate email and mobile phone as security info so recovery is easier in the future.

3. Sign out attackers and remove their access Once signed in again to the Microsoft account:

• Use the account security page to sign out of all active sessions so any attacker sessions are killed.
• Review and remove any unknown app permissions or connected apps that might be maintaining access.

4. Clean up malicious Outlook.com configuration In Outlook.com (web):

• Check Settings → Mail → Rules and delete any suspicious rules (for example, rules that move messages to Deleted Items/Junk/Notes or that forward mail).
• Check Mail → Forwarding and remove any forwarding addresses that are not recognized.
• Check Automatic replies and clear any content the attacker may have set.

5. Deal with deleted items and storage

• Open the Deleted Items folder and use Empty folder.
• Then select Recover items deleted from this folder and choose Empty folder again so that any hidden or repeatedly created ransom drafts are removed.
• If there are many items, delete in smaller batches and keep the browser open until the operation completes.

6. Monitor for ongoing compromise

• Use the recent activity page at https://account.live.com/activity to review sign-ins and security events. If unfamiliar locations/devices appear, change the password again and repeat the sign-out-everywhere step.
• Watch for new suspicious rules, forwarding, or drafts reappearing; if they do, assume a device is still infected and rescan/reset it.

7. Inform contacts and treat messages cautiously

• From a clean account or other channel, warn important contacts that the Outlook.com address was compromised and that any unusual messages, especially those with links or attachments, should be ignored.
• Going forward, rely on Outlook.com safety indicators: avoid interacting with messages that trigger red safety bars and be cautious with yellow-bar messages and unexpected attachments.

If the automated recovery or security tools fail (errors, lockouts), use the official Microsoft Support contact options and, where available, live chat to report the compromise and get assistance with account recovery.

---

References:

• How to recover a hacked or compromised Microsoft account
• Help protect your Outlook.com email account
• Respond to a compromised cloud email account
• Cannot empty the Deleted Items folder in Outlook.com
• Storage limits in Outlook.com
• Working with message folders in Outlook.com
• My personal hotmail account hacked by hacker with authentication app enabled. - Microsoft Q&A
• Hacker set up continuous draft ransomware email - Microsoft Q&A
• Need to speak to a agent I am getting pop up draft scam emails - Microsoft Q&A
• hello my email was (Moderator note: PII removed)@icloud.com and now its (Moderator note: PII removed)@jerkoffmail.com can please someone help me and the team change it my username in xbox is (Moderator note: PII removed) please help me team and change it - Microsoft Q&A
• Email from M!CROSOFT - Microsoft Q&A