HACKED - HELP

Question

I have been hacked .. I’ve signed out of all devices, changed my security / password details & also updated the authentication details. Although they are still sending emails from my address. I’m worried they are going to get access to sensitive data

Answer 1

Hi, I'm John! I will help you with this.

Do you still have access to your Microsoft account, and are you currently signed in? Check if you still have access to your Microsoft account and make sure you're currently signed in https://account.microsoft.com/ If you’re locked out, let me know.

In https://outlook.live.com/mail go to Settings > View all Outlook settings > Mail > Rules and Mail > Forwarding to make sure no one has set up rules to forward or delete your messages.

If you notice anything unusual in your account settings or purchase history, you might also want to check the Microsoft account security page https://account.microsoft.com/security to review recent activity.

---

About getting spam mails:

Those are phishing attempts. Please don’t click on any links or respond to the message. Scammers often use these tactics to trick people into giving away personal information or money.

Are these spam emails showing up in your Inbox, or are they already going into Junk Email?

If they’re landing in your Inbox, here’s something you can do to start blocking them:

• Click Settings (gear icon from top right)
• Choose Mail > Junk email.
• Under Blocked senders and domains, select Add blocked sender.
• Enter the email address you want to block. If you want to block an entire domain (for example, everything from @spamdomain.com), you can enter the domain name instead.
• Click "Save" and monitor if the issue will persist.

You can also change the level of protection in the Junk Email Filter using this steps:

• In the same Settings (Settings > Mail > Junk email).
• From there, you can select the "Strict" option. Please note that this will put all other messages into the Junk Email folder if they are not from the Safe Senders and Domains list. So, I suggest building your Safe Senders and Domains list first to allow known senders into your inbox.
• You can also enable the option "Block attachments, pictures, and links from anyone not in my Safe Senders and Domains list" and in option "Trust email from my contacts".
• Click "Save" and monitor if the issue will persist.

---

I really hope this information is helpful! Let me know if you have any further questions or concerns.

Regards,

John J.D.

Answer 2

Take these steps to fully lock down the Outlook.com / Microsoft account and stop attackers from sending mail as that account.

1. Clean all devices used with the account

• Run a full, up-to-date antivirus scan on every PC/phone/tablet used to sign in.
• If malware is found, remove it and reboot before continuing. This prevents the attacker from regaining access via an infected device.

2. Change the password again

• After scans complete, change the Microsoft account password one more time using a clean device and network.
• Use a strong, unique password that is not reused on any other site. See guidance in How to help keep your Microsoft account secure.

3. Verify and lock down security info

• Go to the Advanced security options page of the Microsoft account.
• Remove any phone numbers, email addresses, or sign-in methods that are not recognized.
• Add another trusted way to sign in or verify (for example, a trusted phone or email) as described in the “Add another way to sign in” section.
• Make sure all verification info is current and belongs only to the legitimate owner.

4. Remove attacker persistence in Outlook.com Sign in to Outlook on the web and check:

• Mail → Rules: Delete any rules that move, delete, or auto-create messages (like the “Demon” example in the context) or anything not recognized.
• Mail → Forwarding: Turn off forwarding or remove any unknown forwarding addresses.
• Automatic replies: Turn off any automatic replies the attacker may have set.

Also:

• Use “Sign out everywhere” from Microsoft account security to invalidate all active sessions.
• Review and revoke any suspicious app permissions or connected accounts.

5. Use the hacked-account recovery flow if needed

• If there is any sign the attacker still has access, follow the official guide: How to recover a hacked or compromised Microsoft account and use the sign-in helper tool. It can route to self-help or an agent if appropriate.

6. If phishing or blackmail is involved

• If any phishing or blackmail emails were involved, follow the steps in Protect yourself from phishing → What to do if you think you've been successfully phished:
  • Write down details of what was shared (usernames, account numbers, passwords).
  • Immediately change passwords on any other affected accounts and enable multifactor authentication where possible.
  • If work/school accounts or financial data are involved, notify IT and financial institutions.
  • If there are threats or money loss, report to local law enforcement.

7. Inform contacts and monitor

• Let important contacts know the account was compromised so they can ignore suspicious emails.
• Monitor recent sent items and account activity for anything unusual.

These steps together stop new sign-ins, remove hidden rules/forwarding that send mail as the account, and reduce the risk of further access to sensitive data.

---

References:

• How to recover a hacked or compromised Microsoft account
• How to help keep your Microsoft account secure
• Protect yourself from phishing
• My account got hacked. - Microsoft Q&A
• My personal hotmail account hacked by hacker with authentication app enabled. - Microsoft Q&A
• My account got hacked - Microsoft Q&A
• Cannot Access Microsoft Account After Hacker Changed Email, Advice Needed - Microsoft Q&A
• Hacker set up continuous draft ransomware email - Microsoft Q&A