Share via

RAT or Malware

Paul Conwell 0 Reputation points
2026-03-21T19:38:10.92+00:00

My outlook account appears to have been hacked in some way by a RAT or Malware that continuously sends myself emails demanding money over and over again. How can i stop this as now all my emails have been deleted and there is nothing within the deleted files

Outlook | Web | Outlook.com | Account management, security, and privacy

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. John Jefferson Doyon 73,395 Reputation points Independent Advisor
    2026-03-21T20:10:07.9533333+00:00

    Hi, I'm John!

    About the persistent draft being credited:

    If you haven't tried anything yet, please start by running a full antivirus scan on your computer using Windows Security and any third-party antivirus software you have.

    Run a full deep scan using a trusted security tool:

    To be safe, I recommend the following steps:

    Check your account rules and forwarding settings, hackers create rules that automatically forward or delete emails. You can do this in Outlook settings under Mail > Rules and Forwarding. https://support.microsoft.com/office/manage-email-messages-by-using-rules-in-outlook-c24f5dea-9465-4df4-ad17-a50704d66c59

    Just to be safe, I’d recommend to sign out everywhere. Visit: https://account.live.com/proofs/manage/additional Scroll down to Sign me out and select "Sign me out".

    - After signing out everywhere, please monitor if the issue persists in the coming hours.

    "How to help keep your Microsoft account secure" https://support.microsoft.com/account-billing/how-to-help-keep-your-microsoft-account-secure-628538c2-7006-33bb-5ef4-c917657362b9

    I really hope this information is helpful! Let me know if you have any further questions or concerns.

    Regards,

    John J.D.

    Was this answer helpful?

    0 comments

  2. AI answer

    2026-03-21T19:38:29.0766667+00:00

    Take these steps in order to stop the looped blackmail emails and secure the Outlook.com account:

    1. Clean all devices for malware
      • Run a full, up-to-date antivirus scan on every device used to access Outlook.com (PC, phone, tablet).
      • If anything is found, let the antivirus remove it, then reboot and run another scan.
      • For Windows 10/11 or 8.1, ensure Microsoft Defender is enabled and run a full scan as described in the account‑recovery guidance.
    2. Secure the Microsoft/Outlook.com account
      • After scans complete, change the Microsoft account password from a clean device using a strong, unique password.
      • If sign‑in is blocked or the account is clearly compromised, follow the steps in “How to recover a hacked or compromised Microsoft account” to:
        • Run antivirus first.
        • Change or reset the password.
        • Then review account settings.
    3. Remove malicious rules and forwarding in Outlook on the web
      • Sign in to Outlook on the web.
      • Go to Settings → Mail → Rules and delete any suspicious rules (for example, rules that auto‑move, auto‑delete, or auto‑forward messages, or that reference strange names like the “Demon” rule seen in similar attacks).
      • Go to Mail → Forwarding and remove any unknown forwarding addresses.
      • Check automatic replies and turn them off if they were enabled by the attacker.
    4. Sign out attackers and revoke access
      • From the Microsoft account security page, use Sign out everywhere (or equivalent) to invalidate all active sessions so the attacker is disconnected.
      • Review and remove any unknown connected accounts or app permissions that could be used to keep access.
    5. Protect the Outlook.com account going forward
      • Turn on two‑factor authentication (MFA) for the Microsoft account and ensure only trusted devices/authenticator apps are registered.
      • In Outlook.com, watch for:
        • The trusted sender icon on legitimate messages.
        • Yellow or red safety bars warning about unsafe content.
      • Be cautious with unexpected attachments or links, especially those demanding money or threatening blackmail; these are classic phishing and extortion patterns.
    6. Damage control
      • Since emails were deleted and the account was abused, notify important contacts (from another account or channel) that the Outlook.com address was compromised and that any recent suspicious messages demanding money should be ignored.

    If the problem persists after these steps (for example, drafts or messages keep reappearing), use Outlook.com’s Help → Still need help → Chat with a support agent to escalate, as recommended in similar Outlook.com scam‑draft cases.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.