Email Security

    How to Tell If Your Outlook / Hotmail Has Been Compromised

    Key indicators and security checks to determine if your Microsoft email account has been accessed without your permission.

    ๐Ÿ“… March 2026 ยท ๐Ÿ• 6 min read

    Warning Signs Your Outlook/Hotmail Is Compromised

    • Microsoft sends you a "unusual sign-in activity" notification
    • Your password has been changed without your knowledge
    • You see emails in Sent or Deleted that you didn't write
    • Your contacts receive spam or phishing emails from your address
    • Your profile information (name, photo, birthday) has been changed
    • Email forwarding rules have been set up without your consent
    • Connected accounts or aliases have been added that you don't recognize
    • Your inbox rules are routing messages to folders you didn't create

    How to Check for Unauthorized Access

    1. Review Sign-In Activity

    Go to account.microsoft.com/security and click View my sign-in activity. This shows every login attempt with the date, time, IP address, location, and whether it was successful. Look for entries from locations or devices you don't recognize.

    2. Check Email Forwarding & Rules

    Log onto outlook.com on your browser & go to Settings โ†’ Mail โ†’ Forwarding. If there is an email address there that you do not recognize, this is a definitive indicator of compromise. Also check your mailbox rules by going to Settings โ†’ Mail โ†’ Rules. Here might be rules that try to automatically delete certain emails that maybe authentication codes for your accounts or even send all of your incoming emails to a third party email address. Hackers commonly set up auto-forwarding techniques to silently siphon your emails to their own account. These rules can allow for persistent access even after changing your password.

    3. Review Connected Apps

    Visit account.microsoft.com/consent to see apps that have permission to access your account. Revoke access for any app you don't recognize.

    4. Check Account Aliases

    Go to account.live.com/names/Manage to verify your email aliases. Attackers sometimes add a new alias to maintain access even after you change your password.

    Immediate Steps to Secure Your Account

    1. Change your Microsoft account password immediately
    2. Enable two-step verification at account.microsoft.com/security
    3. Remove any email forwarding rules you didn't set up
    4. Revoke access for unrecognized connected apps
    5. Review and remove suspicious account aliases
    6. Update your recovery email and phone number
    7. Check that your security info (alternate email, phone) hasn't been altered

    More from Email Security

    No image

    How to Recover Your Email Account After Being Hacked

    Locked out of your email? A generic guide to the main recovery pathways for getting back into a hacked email account, with notes on how options vary by provider.
    No image

    How to Migrate to Proton Mail from Any Email Provider

    Complete guide to migrating your email, contacts, and calendar to Proton Mail using Easy Switch or manual import methods.
    No image

    How to Secure Your Email Account

    A comprehensive, provider-agnostic guide to hardening your email account against hackers โ€” covering 2FA, app passwords, recovery settings, phishing defence, and ongoing monitoring.