This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 10%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECL%3C/text%3E%3C/svg%3E)
My outlook account was compromised. I have added 2 step verification, removed password login, removed rules, removed apps being able to interact with my account (basically doing what everyone suggested on threads about compromised account).
However, the draft emails threatening me keep appearing in my inbox after I try deleting it. There shouldnt be any rules to do that, and no outside app is given access to my account.
I changed all these settings like 8 hours ago, it should be long enough for all the changes to take effect, right?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 46%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHM%3C/text%3E%3C/svg%3E)
Hi,
Threatening drafts keep reappearing because the attacker likely still has an active session or cached sync on the server. Even after enabling 2FA and removing rules, those sessions can persist until you force sign-out everywhere, revoke all tokens, and clear hidden mailbox rules and delegates. If drafts still return after that, Microsoft Support needs to run a mailbox integrity check to remove lingering scripts or API calls.
I hope this helps!
i did force sign out everywhere, tho that will take 24 hours.
I guess I will check back in like 16 hours.
Can you please elaborate on "revoke all tokens, and clear hidden mailbox rules"?
Hi,
To fully secure your Outlook account and stop those drafts from reappearing:
Revoke all tokens – Remove any lingering app passwords and sessions at Microsoft Account Security or via Microsoft 365 Admin (if available).
Clear hidden mailbox rules and delegates – Normal rules UI may not show them. Use Outlook Web settings or PowerShell (Get-InboxRule, Remove-InboxRule) to check and delete suspicious rules.
Wait for global sign-out to finish – It can take up to 24 hours for all sessions to expire.
I would assume you meant
and
I did delete all the rules and remove access of all apps hours ago.
After you revoke tokens, clear hidden rules, and wait for global sign-out to finish:
Monitor your mailbox for 24 hours. If drafts stop appearing, you’re good.
If drafts still reappear, escalate to Microsoft Support and request a mailbox integrity check. This is the only way to remove malicious scripts or API calls that normal tools can’t detect.
While waiting, run a full malware scan on your devices to ensure no local compromise.
Consider changing your password again after sign-out completes for extra safety.
ok, i will wait for tmr.
I have already done 2 round of in depth scanning using Windows Defender on my machine, and my Microsoft account no longer use password.
That is great, If drafts still reappear after that, I suggest contact Microsoft Support and request a mailbox integrity check that’s the only way to remove malicious scripts or API calls that normal tools can’t detect.
Let me know how it goes, i'm here to help!
