Email was hakcked, it looks like phishing and almost the same like in privious post. It keeps poping up like a draft in email flagged and pinned. And after all recommendation like change password, set-up 2 steps verification install microsoft authentificator, check all rules in email install malwarebytes and eset online it still pop up after deleting it in 1-2 minutes.
"About a few months ago, I gained access to your devices and started tracking your online activity.
I was able to hack into your computer and access your email: ***********@outlook.com. Your password was easily compromised.
help me please to resolve this problem
What you’re describing sounds like a compromised or misconfigured Outlook/Microsoft account or client, not just a one‑off phishing email.
I’ll break it into two things: securing the account properly, and then figuring out why that draft keeps coming back.
1. First: understand the email itself
The text you quoted:
"About a few months ago, I gained access to your devices and started tracking your online activity..."
is typical
sextortion / blackmail spam. These messages:
- Are usually sent in bulk to many people.
- Often lie about “hacking your device” or “recording you”.
- Sometimes reuse old passwords from data breaches to sound convincing.
So the content itself does
not prove they actually hacked your PC or webcam.
The strange part is that it keeps reappearing as a draft, which suggests:
- Something (an app, rule, extension, or add‑in) is recreating it, or
- There is still some unauthorized access to the mailbox itself.
Let’s treat it as a possible account compromise and lock things down properly.
---
2. Secure your Microsoft / Outlook account (from a clean device)
Do this on a device you trust that has already been scanned (seems you used Malwarebytes and ESET, which is good).
Step A – Check recent login activity
- Go to: Sign in to your Microsoft account
- Sign in with your Microsoft account.
- Review:
- Recent logins (locations, devices, IPs).
- Any “Unusual activity” alerts.
- If you see anything you don’t recognise, click the option to Secure your account (Microsoft will guide you step‑by‑step).
Step B – Change password again and sign out everywhere
Even though you already changed your password:
- Change it again from this clean device.
- Use a strong, unique password that you have never used elsewhere.
- Then go to your Microsoft Account security page and:
- Sign out of all sessions/devices if the option is available.
- Remove all “trusted devices” you don’t recognise.
This ensures any attacker who might still be logged in loses access.
Step C – Check security info & recovery options
In your Microsoft account security settings:
- Check email addresses and phone numbers listed as recovery/contact methods.
- Remove anything that you do not recognize or no longer use.
Step D – Revoke third‑party access (OAuth apps, add‑ins)
This is important because an app with token access can still manipulate your mailbox even after a password change.
---
3. Clean up Outlook/Email settings that can recreate emails
You mentioned you already checked rules, which is great – but there are a few more places to check, especially in
Outlook on the web (Outlook.com / webmail).
Log in via browser to Outlook.com, then:
A. Inbox / sweep rules & forwarding
- Settings (gear icon) → View all Outlook settings.
- Go to:
- Mail → Rules (or “Inbox rules / Sweep rules”)
- Mail → Forwarding
- Delete any rule or forwarding that you did not create yourself.
B. Automatic replies, signatures, templates
Still in Outlook settings:
- Mail → Automatic replies – Turn off anything that’s enabled.
- Mail → Compose and reply – Check:
- Email signature
- Any “message text” templates / quick parts
- Make sure that extortion text isn’t stored anywhere as a default.
C. Delegates, shared access, and connected accounts
In Outlook.com settings:
- Mail → Sync email / Connected accounts – Remove any unknown POP/IMAP/other accounts.
- Mail → Accounts / Sharing – Check if anyone has delegate access (can send on your behalf). Remove everything you don’t explicitly need.
---
4. Check devices and apps that access this mailbox
The draft might be coming back because of a particular app or device syncing it back into your account.
Ask yourself:
- Do you use the Outlook app on Android/iOS?
- Do you use any other mail apps (Apple Mail, Thunderbird, Windows Mail, etc.)?
- Do you access your mail from more than one PC or browser?
Do this:
- On each phone/tablet mail app that uses this account:
- Remove the account from the app (delete account from the mail app only, not from Microsoft).
- Uninstall any unknown/suspicious mail apps.
- After securing the account & changing password, add the account back only to apps you trust.
On your main PC:
- Try logging into Outlook.com from:
- A different browser, and
- A private/incognito window (with no extensions).
- See if the draft still reappears in this “clean” browser session.
If the draft only comes back in one specific browser, it could be:
- A browser extension manipulating the page.
- Some cached/synced data glitch.
In that case:
- Disable all browser extensions (especially anything related to email/productivity you don’t fully trust).
- Clear browser cache and cookies for Outlook.com.
- Log in again and check.
---
5. Outlook desktop add‑ins (if you use Outlook for Windows/Mac)
If you use the full Outlook desktop client:
- Open Outlook.
- Go to File → Options → Add‑ins.
- At the bottom, choose COM Add‑ins and click Go….
- Temporarily disable (untick) all non‑Microsoft add‑ins.
- Restart Outlook and see if the draft still appears.
---
6. If the draft still keeps coming back
If, after:
- Securing your Microsoft account (password, 2FA, revoke access),
- Checking/removing rules, forwarding, delegates,
- Testing in a clean browser with no extensions, and
- Removing/re‑adding accounts from mobile and desktop apps,
the same draft still auto‑appears every 1–2 minutes, then:
- Take a screenshot of what it looks like (cover your email address and any personal info).
- Note:
- Which folder it appears in (Drafts, Inbox, somewhere else?).
- Whether it shows as “Draft”, “Pinned”, “Flagged” or something else.
- Which app you are looking at (Outlook.com in browser, Outlook desktop, mobile app).
- Post these details (with the screenshot redacted) in your thread, or in the General Security or General Computer Help section on MalwareTips so people can see exactly how it behaves.
You can also contact Microsoft Support directly through your account page if it looks like a backend/server issue with your Outlook.com mailbox.
---
Quick recap
- These “I hacked you months ago” messages are almost always scams.
- The repeating draft is not normal and needs:
- Full account security check (logins, password, 2FA, recovery info).
- Revoking app/access tokens.
- Thorough check of rules/forwarding/connected accounts.
- Testing different browsers/devices and disabling extensions/add‑ins.
If you can share which exact Outlook client you’re using (web/desktop/mobile, and on which OS) and whether the draft appears in
Drafts or
Inbox, I can suggest more targeted steps.
My name is icotonev and I'm here to help you remove malware ..!
