![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 98%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
Outlook | Web | Outlook.com | Account management, security, and privacy
Managing personal Outlook.com account settings, security, and privacy
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 38%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
That message is almost certainly a common “extortion” scam. The sender spoofs your own email address to make it look like they hacked you, but in most cases they have not accessed your account or your data.
Changing your password is a good first step, but it’s not enough on its own. Use a strong, unique password for your Outlook account that you have never used anywhere else. If you reused that password on other sites, change those too because breaches on unrelated services are a common source of these scams.
Turn on two-factor authentication for your Microsoft account. This is one of the most effective protections you can add. Even if someone gets your password, they still cannot log in without the second factor.
Check your account activity and security settings. In your Microsoft account security dashboard, review recent sign-in activity, look for unfamiliar locations or devices, and remove anything suspicious. Also check for any forwarding rules or inbox rules that you did not create, since attackers sometimes set these up to monitor emails.
Run a malware scan on your devices, especially if the message claims they recorded you or accessed your files. That claim is usually fake, but it’s still worth verifying your system is clean.
If the email included one of your old passwords, that doesn’t mean they currently have access. It usually means your email and password were exposed in a past data breach. That’s another reason to make sure all your important accounts have unique passwords and two-factor authentication enabled.
Do not reply to the email, do not click any links, and do not send money. You can safely delete it after securing your account. If you want, you can also report it as phishing within Outlook to help filter similar messages in the future.
If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.
hth
Marcin