Share via

Would you able to find an email from my outbox that I believe my email was hacked by others?

Angela Ding 0 Reputation points
2026-03-16T23:57:56.4066667+00:00

My client sent me an email with tax invoice which they said they the email sent from my email address but actually no email and invoice was sent by me and I could not found any history email sent form me so can you please advise if there is another path behind and you can investigate and let me know? Thanks

Outlook | Web | Outlook.com | Account management, security, and privacy
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Manoel Barros 17,830 Reputation points Independent Advisor
    2026-03-17T02:43:39.3566667+00:00

    Hi! Do you and your client use a Microsoft domain email (@outlook.com or @hotmail.com), Google Gmail (@gmail.com), a third-party domain (@yahoo.com), or your own domain (@username.com or @contoso.com)?

    If you use a custom domain email, with a domain name like your company's, for example, one of your email servers may have been compromised by a phishing attack, which places malicious code on the email server to steal information and send fake emails. I recommend that you verify this issue with your client and with the IT team of your email provider, if it is a custom domain.

    If you use a Microsoft domain account, your email may have been compromised. Recommendations:

    NOTE: Use a different device to perform these procedures. Your current device may be infected.

    1. Change the account password.
    2. Enable two-factor authentication in security.
    3. Add an Authenticator app.
    4. Delete any unknown devices in Devices https://account.microsoft.com/devices
    • Be careful not to delete your own device, otherwise it will be blocked.

    You can find these options and much more at https://account.microsoft.com/account?lang=en-us

    0 comments
  2. Q&A Assist
    2026-03-16T23:58:22.9566667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    Outlook and Outlook.com do not provide a way for others to search or view the hidden contents of a personal mailbox, so direct investigation of a specific account or recovery of messages that never existed is not possible here.

    However, there are several things that can be checked to understand what happened and whether the account was compromised:

    1. Check Sent Items and related folders
    • In Outlook/Outlook.com, open the Sent Items folder and search by:
      • Client name
      • Invoice number or keyword
      • Date range your client mentioned
    • Also check Deleted Items/Trash and Archive in case the message was deleted or moved.
    • If using Outlook desktop with Cached Exchange Mode, ensure older sent mail is visible:
      • File > Account Settings > Account Settings > select account > Change > move Mail to keep offline slider to a longer interval.
    1. Confirm that copies of sent mail are being saved If using Outlook desktop and nothing appears in Sent Items:
    • Go to File > Options > Mail.
    • Under Save messages, ensure Save copies of messages in Sent Items folder is checked. If this was previously off, some sent messages might not have been stored locally, but that does not prove whether they were sent or not.
    1. Check if messages are being moved or hidden by rules If some messages are missing or being moved automatically:
    • In Outlook.com or Outlook on the web, go to Rules settings and review any Inbox or Sweep rules that might move or delete messages. Remove or edit anything suspicious.
    • In Outlook desktop, check Home > Rules (if applicable) and any Junk Email Options that might be affecting visibility.
    1. Check for signs of account compromise If there is concern the account was hacked and used to send mail:
    • In Outlook.com, review the Recent activity for the Microsoft account to see sign-ins, locations, and devices for the last 30 days. Unrecognized sign-ins can indicate compromise.
    • If compromise is suspected:
      • Change the account password immediately.
      • Enable multi-factor authentication (MFA).
      • Review and remove any unknown forwarding rules or delegates (for example, rules that forward all mail to another address).
    1. Ask the client for full message details To verify whether the message truly came from the mailbox or was spoofed:
    • Ask the client to forward the suspicious email as an attachment so the full headers can be examined by an IT or security professional.
    • Attackers often send spoofed emails that appear to be from an address but are not actually sent through that mailbox, which is why no record appears in Sent Items.
    1. If using Exchange Online in an organization (admin scenario) If an organization admin is involved, they can:
    • Use Search-Mailbox or similar investigation tools in Exchange Online PowerShell to search all mailboxes for specific subjects or content related to the invoice.
    • Use Get-MessageTrackingLog (for on-premises/hybrid) to trace whether a message was actually sent from the mailbox. These steps require admin permissions and are typically done by IT/security staff.

    If no trace of the message exists in Sent, Deleted, Archive, or message tracking (for organizational accounts), and the headers show it did not originate from the service, then it is likely a spoofed or phishing email using the address, not an email actually sent from the mailbox.

    References:

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.