
Title: URGENT: Hotmail compromised - malicious inbox rule recreating in seconds, account recovery returns 'no permissions'

Claire Arguile 0 Reputation points
2026-05-06T12:34:49.9033333+00:00

Hello, I urgently need help from a Microsoft agent who can escalate this case.

My Hotmail account has been compromised. The situation:

  1. A malicious inbox rule has been created that deletes incoming emails
  2. When I delete the rule, it reappears within seconds - confirming an active connection
  3. I have already taken these steps:
     - Changed my password (multiple times)
     - Signed out of all sessions via account.microsoft.com
     - Revoked all connected apps and app passwords
     - Removed unknown devices
     - Checked for forwarding rules and Sweep rules
  4. Despite all of this, the rule continues to recreate within seconds of deletion
  5. When I try to use account.live.com/acsr, I receive a 'you don't have permissions to access this resource' error - suggesting the attacker has altered my account permissions or security info
  6. I cannot access phone support as this is a free Hotmail account

The attacker appears to still have persistent access through a method that survives password changes and session revocation. I suspect either an OAuth grant I cannot see, or server-side persistence that only Microsoft can remove.

I need a Microsoft agent to:

  • Forcibly terminate ALL server-side sessions on this account
  • Remove the malicious rule from the server side
  • Reset my account permissions so I can use recovery tools
  • Identify what mechanism is being used for persistent access

This is an active, ongoing breach. Please escalate. I can provide account details privately to a verified Microsoft agent.

Thank you.

Outlook | Web | Outlook.com | Account management, security, and privacy

1 answer

  1. EmilyS726 229K Reputation points Independent Advisor
    2026-05-06T13:12:49.9433333+00:00

    Hello,

    I am going to share with you a list of actions I compiled while helping others with the same issue during the last few months. Please feel free to skip those you already did.

    This process can take 24 hours to take effect. So please do not expect immediate results.

    Please complete these steps on a computer, not on a smartphone or tablet.

    ====================

    First, go to https://www.outlook.com and sign in.

    Click the gear icon in the top right corner to open Settings.

    Under Mail, review the following areas:

    Rules

    If any rules are listed, delete all of them.

    Conditional formatting

    If anything is set up there, delete it.

    Forwarding and IMAP

    If you see any entries or settings you did not create, remove them. Turn off POP and IMAP.

    Junk

    Review Safe sender and blocked list. If you don't recognize any, remove them.

    After that, exit Settings and return to outlook.com.

    Open the To Do section by clicking the blue checkmark icon on the left side. Delete anything there that was not created by you.

    ====================

    Go to https://account.live.com.

    Under Your info > Sign-in preferences, review all aliases on the account. If you see any alias you do not recognize, remove it.

    Next, go to the Devices section of your Microsoft account and remove any devices you do not recognize.

    ====================

    Please also do the following in the Security section:

    Change your password

    Enable two-step verification

    ====================

    Go here: https://account.microsoft.com/privacy/app-access. Click on "Don't allow" for anything you don't recognize.

    =======================

    Then go to Security > Manage how I sign in and make sure all contact information belongs to you.

    On that same page, scroll down to App passwords and remove any existing app passwords.

    Also on the same page, click on Sign out everywhere. This is intended to disconnect any active sessions that may still be connected. Please note that this can take up to 24 hours to fully take effect.

    ====================

    In addition, this problem can sometimes be caused by a malicious script or infection on one of your devices.

    Are you using a Windows computer to check email? Do you use an email app such as Outlook Classic or New Outlook?

    If so, please open the app and remove the account from the app settings.

    Then go to the Microsoft Safety Scanner download page:

    https://learn.microsoft.com/defender-endpoint/safety-scanner-download

    Download the 64-bit version, run a full scan, and let me know what the final results say.

    =====================

    If after 24 hours it still doesn't work, please do this:

    Go to your Microsoft account online: https://account.live.com > Sign in > Your info > Sign in preference. Add an alias. You have two options here:

    Create new: this will allow you to use the native domain outlook.com to create a new alias.

    Add existing: this will allow you to add a 3rd party email address, such as yahoo, gmail, as long as they are not already associated with another Microsoft account.

    Once added, make this new alias your primary alias. Do NOT delete the old alias. Then at the bottom, click on "Change sign in preference". On the next page, uncheck the box for the old alias. This means, from now on, the old alias cannot be used to sign into your Microsoft account, but it can still be used to receive emails, etc.
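The question reports a rule that deletes incoming mail, and the answer asks for a review of Rules and Forwarding. The following is an added example, not part of either post: it triages an exported rule list for rules that hide mail or copy it to an address the owner does not control. It assumes the rules are available as JSON in the shape of Microsoft Graph `messageRule` objects, which this thread does not mention; the sample rules, names and addresses are constructed.

```python
import json

# Action keys of a Microsoft Graph messageRule that hide mail or copy it elsewhere.
HIDING = ("delete", "permanentDelete", "moveToFolder")
COPYING = ("forwardTo", "forwardAsAttachmentTo", "redirectTo")

# Constructed sample in the shape of a messageRules listing; not data from this thread.
SAMPLE = json.loads("""
{"value": [
  {"id": "r1", "displayName": ".", "isEnabled": true,
   "actions": {"delete": true, "stopProcessingRules": true}},
  {"id": "r2", "displayName": "sync", "isEnabled": true,
   "conditions": {"subjectContains": ["password", "verification"]},
   "actions": {"forwardTo": [{"emailAddress": {"address": "Drop@example.net"}}]}},
  {"id": "r3", "displayName": "Family", "isEnabled": true,
   "conditions": {"senderContains": ["relative@example.org"]},
   "actions": {"assignCategories": ["Family"]}}
]}
""")

def copy_targets(actions):
    """Lower-cased addresses that the rule forwards or redirects mail to."""
    found = []
    for key in COPYING:
        for recipient in actions.get(key) or []:
            address = (recipient.get("emailAddress") or {}).get("address")
            if address:
                found.append(address.lower())
    return found

def triage_rules(rules, own_addresses=()):
    """Return one finding per rule that hides mail or sends it to an address not owned."""
    own = {a.lower() for a in own_addresses}
    findings = []
    for rule in rules:
        actions = rule.get("actions") or {}
        reasons = [key for key in HIDING if actions.get(key)]
        reasons += ["copies to " + a for a in copy_targets(actions) if a not in own]
        if reasons and not rule.get("conditions"):
            reasons.append("no conditions: applies to all incoming mail")
        if reasons:
            findings.append({"id": rule.get("id"), "name": rule.get("displayName"),
                             "enabled": rule.get("isEnabled", True), "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in triage_rules(SAMPLE["value"], own_addresses=["owner@example.com"]):
        print(finding)
```

Rules that only move mail to a folder are reported as well, since a move can hide mail as effectively as a delete; the owner decides which of those are their own.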
