
Phishing emails in draft form

Julie Blackburn-Dziekonski 0 Reputation points
2026-05-03T00:45:53.64+00:00

I started receiving hundreds of phishing emails today and most say "draft" so I don't have an address to block. I've been reporting them but could not keep up because I am getting too many too fast. Is there something I can do?

Outlook | Web | Outlook.com | Email

2 answers

  1. Gunasekar N 67,470 Reputation points Independent Advisor
    2026-05-03T02:04:34.7466667+00:00

    Hello, thank you for reaching out to Microsoft Q&A.

    There have been many reports of scam and spoof emails in Outlook, similar to what you’re seeing. This can happen if you signed in to a fake or malicious website, and someone got access to your account details.

    Just leave the draft alone and follow the security steps (password reset, sign out everywhere, and turn on two-step verification) to protect your account.

    1. Reset your Microsoft account password.

    Open an InPrivate/Incognito browser window and use the following link to reset your password: https://account.live.com/ResetPassword.aspx

    2. Sign out of your account from all sessions.

    Once the password reset is successful, sign in with your account here: https://account.live.com/proofs/Manage

    Scroll down until you find Sign out everywhere. Select Sign out everywhere.

    3. Enable two-step verification.

    On the Security settings page, under Additional security, turn on Two-step verification. Make sure you have at least three security verification methods active.

    After you have enabled these security protections, sign out of your account in the Outlook app and sign back in with your new password.


    In addition to this, open Microsoft To Do and delete all the drafts in the 'My Day' section or in the 'Task lists' where you see the drafts. To open To Do:

    In Outlook on the web (https://outlook.live.com/), select To Do in the left pane to launch it.

    Click on a draft task and delete it.


  2. Q&A Assist
    2026-05-03T00:46:05.2266667+00:00
    AI-generated content. This question contains an answer created with AI from Q&A Assist.

    Those “draft” phishing messages are almost certainly being generated from a rule or other malicious configuration in the mailbox after the account was compromised. Simply reporting them is not enough; the account and settings need to be cleaned up and secured.

    Follow these steps in Outlook.com / Outlook on the web:

    1. Secure the account
      1. Change the Microsoft account password to a strong, unique one.
      2. Turn on multi‑factor authentication (MFA) for the account. MFA blocks the vast majority of password‑based attacks.
      3. On the Microsoft account security page, use the option to sign out of all sessions so any attacker is disconnected.
    2. Remove malicious rules and forwarding
      1. In Outlook on the web, go to Settings → Mail → Rules.
      2. Delete any rule that looks suspicious (for example, rules that auto‑create drafts, forward mail, or mention strange names like “Demon”).
      3. Go to Mail → Forwarding and remove any forwarding address that is not recognized.
    3. Revoke malicious app access
      1. In the Microsoft account security/permissions area, review app permissions.
      2. Revoke access for any apps or services that are not recognized. Attackers often use these to keep access even after a password change.
    4. Clean up and keep reporting
      1. Delete the existing phishing drafts.
      2. For any new suspicious messages that appear, select the message and use Report → Report phishing in Outlook.com. This both removes the message and helps improve Microsoft’s filters so fewer such messages reach the mailbox.
    5. If the problem persists at scale
      1. Run full security scans on devices used to access the account to ensure there is no malware capturing credentials.
      2. If using Microsoft 365 with Defender for Office 365, an admin can:
        • Review and tune anti‑phishing policies (for example, increase the Phishing email threshold in anti‑phishing policies).
        • Use the Submissions page in Defender for Office 365 to submit samples of these phishing messages so Microsoft can adjust filters.

    These actions stop the automated creation of phishing drafts, remove the attacker’s persistence (rules, forwarding, app permissions), and strengthen protection so fewer phishing messages get through in the future.


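Step 2 of the answer above (look through Settings → Mail → Rules for rules that forward mail, delete it, or carry odd names) is the part of the clean-up that is easiest to get wrong by eye when an attacker has created several rules. The following is an added example, not code from the thread or from Microsoft: a small triage routine that takes inbox rules in the shape Microsoft Graph returns from GET /me/mailFolders/inbox/messageRules (displayName, conditions, actions) and flags the patterns that typically indicate persistence. The three sample rules, the trusted domain example.com, and the attacker address are constructed for the demo. One assumption to note: Graph reports moveToFolder as a folder id, so this code expects the caller to have resolved it to the folder's display name first.

```python
"""Flag Outlook inbox rules that look like attacker persistence.

Added example for the Q&A thread above; not Microsoft code. Rule records use
the Microsoft Graph messageRule layout. All sample data below is constructed.
"""
from typing import Any, Dict, List, Optional

# Assumption: the mailbox owner's own domain(s); any other forward target is external.
TRUSTED_DOMAINS = {"example.com"}

# Folders people rarely open, so mail moved there is effectively hidden.
HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history",
                  "archive", "junk email", "deleted items"}

# Wording of the security alerts an attacker wants the victim not to see.
ALERT_KEYWORDS = ("password", "hacked", "phish", "suspicious", "security",
                  "unusual sign", "verification")


def _addresses(recipients: Optional[List[Dict[str, Any]]]) -> List[str]:
    """Pull bare SMTP addresses out of Graph recipient objects."""
    return [r.get("emailAddress", {}).get("address", "").lower()
            for r in recipients or []]


def _is_external(address: str) -> bool:
    return "@" in address and address.rsplit("@", 1)[1] not in TRUSTED_DOMAINS


def triage_rule(rule: Dict[str, Any]) -> List[str]:
    """Return human-readable findings for one rule; an empty list means clean."""
    findings: List[str] = []
    actions = rule.get("actions") or {}
    conditions = rule.get("conditions") or {}
    name = (rule.get("displayName") or "").strip()

    # 1. Forwarding or redirecting outside trusted domains leaks the mailbox.
    for key in ("forwardTo", "forwardAsAttachmentTo", "redirectTo"):
        for addr in _addresses(actions.get(key)):
            if _is_external(addr):
                findings.append(f"{key}: external recipient {addr}")

    # 2. Deleting matching mail hides alerts and replies from the victim.
    if actions.get("delete") or actions.get("permanentDelete"):
        findings.append("deletes matching messages")

    # 3. Moving mail to a rarely viewed folder has the same effect as deleting.
    folder = (actions.get("moveToFolder") or "").lower()  # assumed resolved to a name
    if folder in HIDING_FOLDERS:
        findings.append(f"moves messages to '{folder}'")

    # 4. Conditions keyed on security-alert wording are a classic tell.
    keywords = [k.lower() for k in (conditions.get("subjectContains") or [])
                + (conditions.get("bodyContains") or [])]
    hits = sorted({k for k in keywords if any(a in k for a in ALERT_KEYWORDS)})
    if hits:
        findings.append(f"matches security-alert wording: {', '.join(hits)}")

    # Marking as read is harmless alone but reinforces any of the above.
    if findings and actions.get("markAsRead"):
        findings.append("also marks messages as read")

    # 5. Attackers often give rules blank or one-character names.
    if len(name) <= 1:
        findings.append(f"empty or single-character name {name!r}")

    return findings


def triage_rules(rules: List[Dict[str, Any]]) -> Dict[str, List[str]]:
    """Map rule id -> findings for every rule that has at least one finding."""
    flagged = {}
    for rule in rules:
        findings = triage_rule(rule)
        if findings:
            flagged[rule.get("id", "<no id>")] = findings
    return flagged


# Constructed sample: one benign rule and two that mirror the thread's symptoms.
SAMPLE_RULES = [
    {"id": "r1", "displayName": "Newsletters",
     "conditions": {"senderContains": ["newsletter"]},
     "actions": {"moveToFolder": "Newsletters", "markAsRead": True}},
    {"id": "r2", "displayName": ".",
     "conditions": {},
     "actions": {"forwardTo": [{"emailAddress": {"address": "attacker@mail.example.net"}}],
                 "delete": True}},
    {"id": "r3", "displayName": "Demon",
     "conditions": {"subjectContains": ["password", "hacked", "unusual sign-in"],
                    "bodyContains": ["security alert"]},
     "actions": {"moveToFolder": "RSS Feeds", "markAsRead": True}},
]

if __name__ == "__main__":
    for rule_id, findings in triage_rules(SAMPLE_RULES).items():
        print(rule_id)
        for line in findings:
            print("  -", line)
```

Running it prints findings for r2 and r3 only. For a Microsoft 365 tenant (the admin case in step 5 of the answer), the same fields are available from Exchange Online PowerShell via Get-InboxRule and, for mailbox-level forwarding, Get-Mailbox's ForwardingSmtpAddress; the heuristics above apply unchanged.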
