Skip to main content
What should I do if I suspect malicious activity in my email account?

What should I do if I suspect malicious activity in my email account?

If you have found unrecognised or suspicious activity in your email account, your account may have been compromised.

Some of the signs of a compromised account:

To secure your account, you need to complete the following steps:

Step 1: check that your computer isn't compromised

A. Make sure that you have Windows Update turned on (Windows users only).

B. If you haven’t installed antivirus software on your computer, we recommend that you install one immediately. You should then run a scan to make sure no malicious software is has been installed. Microsoft offer free anti-malware or antivirus software on their website.

Step 2: ensure the attacker can't log on to your email account

A. Change your password  immediately.

B. Don't reuse any recent passwords or use anything it's easy to guess.

C. Change your security question and answer immediately.

Step 3: take these additional precautionary steps

A. Check your sent items. If you don't recognise any of your sent items, you may have to inform people on your contacts list that your account was compromised. The attacker may have asked them for money, or may have sent them a virus to also hijack their computers.

B. Any other service that used this account as its alternative email account may have been compromised. First, perform these steps for your Office 365 subscription, and then perform these steps for your other accounts.

C. Check your reply and forwarding addresses haven’t been changed or deleted. When accounts are compromised, attackers can set up auto-forwarding to divert your emails to alternative addresses. Office 365 users can check their forwarding options by logging into the Office portal and following these steps:

  1. Log in to
  2. Click on Outlook
  3. Go to settings (top right cog)
  4. Scroll down and click on Mail
  5. Under accounts, click on forwarding option
  6. Check any forwarding addresses are correct, remove unrecognised addresses or stop forwarding altogether
  7. Click save

Once you've completed these steps, your account should be secured. However, if you need further assistance, please get in touch with our support team on the 'Contact us' link below.

Did this help?

Additional support