PanicStation.org
UK USA
uk Technology & digital loss emails skipping inbox • messages auto-archiving • email going to archive • inbox suddenly empty • missing new emails • gmail skip inbox • outlook rules changed • inbox rules you didnt make • unwanted email forwarding • email filters changed • mailbox settings changed • suspected email account hack • unknown device signed in • third party app access • mail client imap pop issue • shared mailbox delegate access • email suddenly sorting wrong • important emails not arriving • messages bypassing inbox • account security check

What to do if…
messages start auto-archiving or skipping your inbox and you did not change any settings

Short answer

Treat this like a possible account takeover until you’ve proven otherwise: secure the account first, then remove any rule/filter/forwarding that’s moving mail out of your inbox.

Do not do these things

  • Don’t request password resets for important accounts until you’ve secured this email account.
  • Don’t click “security alert” links from emails or pop-ups about this issue—open your email provider’s site/app directly instead.
  • Don’t mass-delete Archive/Other/Junk folders while you’re panicking; you may erase clues about what changed.
  • Don’t assume it’s “just a glitch” if you also notice unknown logins, new devices, or unexpected forwarding.

What to do now

  1. Reduce immediate risk (keep things reversible).
    For the next few minutes, avoid doing anything that relies on this email as proof-of-identity (password resets, “verify it’s you” links) until you’ve secured the account. If something is truly urgent, prefer a recovery method you already control (for example: phone-based sign-in prompts, an authenticator app, or backup codes you previously saved) rather than changing contact details while stressed.

  2. Secure the email account first (before fixing the inbox view).

    • Change the email account password to a strong, unique one.
    • Turn on 2-step verification (2SV) if it isn’t already.
    • Sign out of other devices/sessions if your provider offers it.
      These steps reduce the chance an attacker keeps re-adding rules after you remove them.

  3. Check for “inbox manipulation”: rules/filters that skip the inbox or auto-archive.
    Look for anything that says “Skip inbox,” “Archive,” “Move to folder,” “Mark as read,” “Delete,” or similar—especially broad rules like “if it has a subject” or “from: anyone.”

    • Gmail: check filters (especially anything with “Skip the Inbox (Archive it)”).
    • Outlook/Outlook.com: check mail rules that move messages to Archive/Deleted/another folder.

  4. Check and disable any forwarding or “redirect” you didn’t set.
    Attackers often add forwarding so they keep receiving copies even after you tidy folders. Disable forwarding and remove any unknown forwarding addresses.

  5. Check account access: unknown devices, unknown apps, delegated access.

    • Review “recent sign-ins / devices” and remove anything you don’t recognise.
    • Review third-party app access (mail add-ons, “productivity” tools) and remove anything you didn’t deliberately connect.
    • If this is a work account, check whether someone added mailbox delegation/shared access and alert your IT team immediately.

  6. Confirm mail is still arriving (without relying on the inbox).
    Search for a new test email by subject or sender; also check All Mail/All Messages, Archive, and Other/Focused tabs. This tells you whether mail is being received but re-filed, vs not arriving at all.

  7. Rule out a rogue device/app re-archiving your mail.
    If you use a desktop mail app (Outlook, Apple Mail, Thunderbird) or multiple phones/tablets:

    • Temporarily sign out of the email account on those apps, or disable syncing on the device you least trust.
    • Then re-check whether the unwanted rule/behaviour returns.
      Also run a malware scan and browser extension check on the devices you use to access email.

  8. If you can’t regain control quickly, switch to provider recovery and document what you see.
    Use your provider’s official account recovery flow and note: when it started, what folders messages go to, and any suspicious rules/forwarding addresses/devices. Screenshots help if you need support.

  9. If there’s any sign of fraud, take one UK-specific reporting step.
    If you’ve lost money, or your email is being used to scam others: contact your bank immediately (if payments are involved) and report it:

    • England, Wales or Northern Ireland: Action Fraud
    • Scotland: Police Scotland (non-emergency reporting)

What can wait

  • Sorting/cleaning up folders and labels.
  • Replying to everyone who received a suspicious email from you (do this after you’ve secured access).
  • Debating whether the cause was a “bug” vs “hack”—focus on locking down access first.

Important reassurance

This exact pattern (mail suddenly skipping the inbox) is common when a rule/filter/forwarding setting changes—sometimes by accident, sometimes by compromise. You’re not overreacting by treating it as a security issue first.

Scope note

These are first steps only to stabilise and prevent further harm. After the account is secure, you can do deeper clean-up (review recovery options, check whether passwords were reused elsewhere, and audit important accounts linked to that email).

Important note

This guide is general information, not professional advice. If you believe a work or school account is affected, follow your organisation’s IT/security process immediately, because they may need to investigate wider risk.

Additional Resources
Support us