Microsoft account compromised and Outlook now sending hundreds of spam emails

Question

Yesterday, my Microsoft account was compromised. The hacker removed my security information and replaced it with what I'm guessing was a random email address. Both my phone number and my email address were removed. I was still logged in to my account and was able to remove the hacker's information and re-add my email address, but I could not re-add my phone number. I requested to be logged out on all devices and changed my password. I've since changed the password three more times. Today, Outlook is sending hundreds of spam emails from my email address even though I've changed the Microsoft password and my email password. Can someone please help me fix this? Please note, I'm not a computer whiz, so please reply in step-by-step simple terms. I've been dealing with this for more than 24 hours and I'm exhausted. I can't handle computer speak right now.

Answer 1

Hi Lisa Delk,

Thanks for reaching out to Microsoft QnA

I am very sorry to hear this.

If your account has been hacked, use our sign-in helper tool below to help guide you to the right solutions.

The tool will ask for your email address or phone number, and either show appropriate self-help, or offer the chance to talk to an agent.

Start

Step 1: Clear your PC of viruses or malware before you change your password

If you have a good antivirus program installed, make sure it's up to date and then do a full scan of your system. If you don't have an antivirus app installed on your PC, Microsoft offers some solutions if you're running Windows 8.1 or Windows 10/11.

If you're running Windows 8.1 or Windows 10/11, you already have Windows Defender. Do the following to turn on malware protection:

Select Start 

On the Start screen, type Windows Defender in the Search box, or select Windows Defender.

Follow the instructions on the screen. 

Important: Regardless of which antivirus app you install, run a full scan on your PC before you change your password. You should also set up your antivirus app to automatically get updates and scan your PC on a regular basis.

Step 2: Change or reset your password

After you run the antivirus app, sign in to your account and change your password. Make sure you create a strong password.

If you can't sign in, reset your password.

Step 3: Check your account settings

Because someone else had access to your account, we've reset some of your account settings. To check and change your account settings, go to connected accounts, forwarding, and automatic replies.

Refer this link for all details- https://support.microsoft.com/en-us/account-billing/how-to-recover-a-hacked-or-compromised-microsoft-account-24ca907d-bcdf-a44b-4656-47f0cd89c245

If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Answer 2

Follow these steps in order.

1. Make sure all devices are clean

• On every PC/phone/tablet used with this account, run a full antivirus/malware scan.
• If using Windows 10/11, open Windows Security (Windows Defender) and run a full scan as described in the article. Do this before changing any more passwords.

2. Secure the Microsoft account

• After scans complete, sign in to the Microsoft account and change the password again from a clean device using the official password change page linked in the article.
• Use a strong, unique password (not reused anywhere else).

3. Check and fix account settings that attackers often change Because someone else had access, some settings may have been altered:

• Go to the pages listed in the article and review:
  • Connected accounts – remove any unknown or suspicious connected accounts.
  • Forwarding – turn off any forwarding you did not set up.
  • Automatic replies – turn off any automatic replies you did not create.
• In Outlook, also look for suspicious inbox rules (for example, rules that forward or move mail to Junk/Notes/RSS) and delete any you do not recognize.

4. Confirm the account is no longer compromised Common signs the mailbox is still compromised include:

• Mailbox blocked from sending email.
• Missing/deleted email.
• Suspicious inbox rules (especially ones that forward mail externally or hide messages).
• Suspicious messages in Sent Items or Deleted Items.
• Recently added external email forwarding. If any of these are present, remove the rules/forwarding and delete the suspicious messages after confirming devices are clean and the password is changed.

5. Review recent sign-in activity

• Visit the recent activity page (linked in the Outlook.com protection article) to see where and when the account was accessed.
• If any sign-ins are not recognized, mark them as “This wasn’t me” where available and ensure the password has been changed since those events.

6. Strengthen recovery and security info

• Add/confirm an alternate email address.
• Once allowed again, re-add a mobile phone number as security info.
• Add as much security info as possible so recovery is easier if this happens again.

7. If access is lost again or security info is changed by an attacker

• Use the official “How to recover a hacked or compromised Microsoft account” guide and, if needed, the sign-in helper tool to walk through recovery.
• If the attacker replaces security info and the automated recovery form fails, there is no additional manual method for consumer accounts beyond what is described in that guide.

These steps stop the attacker from continuing to send spam and restore control of Outlook by cleaning devices, securing the account, and removing any malicious rules or forwarding that keep sending messages even after password changes.

---

References:

• How to recover a hacked or compromised Microsoft account
• Help protect your Outlook.com email account
• Respond to a compromised cloud email account
• my microsoft account has been compromised - Microsoft Q&A
• My personal hotmail account hacked by hacker with authentication app enabled. - Microsoft Q&A
• My account got hacked. - Microsoft Q&A
• My account got hacked - Microsoft Q&A
• How do I send an email to Microsoft about my account being hacked and taken over by <removed> ? - Microsoft Q&A
• Unblock my Outlook.com account