PanicStation.org

What to do if…
people report receiving spam from your email address and you did not send it

Short answer

Treat it as either (1) a compromised email account or (2) “spoofing” (someone faking your address). First, secure the email account or start your provider’s recovery process right now.

Do not do these things

  • Don’t reply to the spam to “explain” — it can confirm your address is active.
  • Don’t click “unsubscribe” links in messages you didn’t sign up for.
  • Don’t keep using the same password “until you have time” — your email account is the reset key for many other accounts.
  • Don’t share any one-time codes with anyone (including someone claiming to be “support”).
  • Don’t assume it’s only spoofing until you’ve checked for suspicious rules/forwarding and sign-ins.

What to do now

  1. Pause sending anything important from that account for the moment. If someone is in your mailbox, they can see replies, resets, invoices, and bank details.
  2. If you can still sign in, lock down the email account immediately:
    • Change the password to a long, unique one.
    • Turn on 2-step verification (2SV) on the email account.
    • Use your provider’s security page to sign out of all other sessions/devices.
  3. If you can’t sign in (or settings keep changing), switch to recovery mode:
    • Use your provider’s account recovery steps (or contact their support) to regain control.
    • Once back in, immediately change the password and enable 2SV.
  4. Check for “hidden takeover” settings in your mailbox (common even after a password change):
    • Look for forwarding addresses you didn’t add.
    • Check filters/rules (including ones that auto-archive, auto-delete, or auto-forward).
    • Check any “send mail as” / delegated access / connected accounts settings and remove anything you don’t recognise.
    • Check your recovery email/phone details and remove anything you didn’t set.
  5. Check whether mail was actually sent from your account:
    • Look in Sent, Outbox, and Trash/Deleted (attackers often delete traces).
    • If your provider shows recent sign-in activity or “devices”, note anything unfamiliar (time, location, device). (Some providers show limited detail — don’t treat missing logs as proof nothing happened.)
  6. Secure other accounts that rely on this email:
    • Start with banking, shopping, social media, and messaging accounts.
    • Change passwords (especially if you reused the email password anywhere) and turn on 2SV where available.
  7. Warn people safely (without spreading the scam):
    • Use a different channel if possible (text/phone/another email) to tell key contacts: “My email may have been compromised or spoofed. Don’t open unexpected links/attachments, and don’t act on ‘new payment details’ or invoices from me without verifying by phone.”
  8. Report the scam email if you have an example:
    • If you can access a copy of the spam (from a recipient or your mailbox), forward it to the NCSC Suspicious Email Reporting Service: report@phishing.gov.uk.
  9. If you run a custom domain (work email / your own domain):
    • Tell whoever manages your domain/email hosting today. Ask them to check your anti-spoofing controls (SPF, DKIM, DMARC) and mail logs. This is often the key fix if it turns out to be spoofing rather than a hacked mailbox.
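
For whoever manages the domain in step 9, one way to sanity-check the published SPF and DMARC records. This is an added example, not part of the original page: the records are constructed samples for the placeholder domain example.com, and DKIM is left out because checking it needs the selector name your mail host uses.

```python
# Added example: flag weak SPF/DMARC settings in a domain's DNS TXT records.
# Input is the record text itself, so the check runs offline.

def parse_tags(record):
    """Split 'v=DMARC1; p=none' into {'v': 'DMARC1', 'p': 'none'}."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_spf(root_txt):
    spf = [r for r in root_txt if r.lower().startswith("v=spf1")]
    if not spf:
        return ["SPF: no record published for the domain"]
    if len(spf) > 1:
        return ["SPF: more than one record, which receivers treat as an error"]
    terms = spf[0].lower().split()[1:]
    all_term = next((t for t in terms if t.lstrip("+-~?") == "all"), None)
    if all_term in ("all", "+all"):
        return ["SPF: '+all' authorises every server on the internet"]
    if all_term == "?all":
        return ["SPF: '?all' is neutral, so unlisted senders are not failed"]
    if all_term is None and not any(t.startswith("redirect=") for t in terms):
        return ["SPF: no 'all' term, so unlisted senders are not failed"]
    return []  # '-all' (fail) or '~all' (softfail)

def audit_dmarc(dmarc_txt):
    dmarc = [r for r in dmarc_txt if r.lower().startswith("v=dmarc1")]
    if not dmarc:
        return ["DMARC: no record at _dmarc.<domain>"]
    tags, findings = parse_tags(dmarc[0]), []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("DMARC: p=none only monitors; failing mail is still delivered")
    elif policy not in ("quarantine", "reject"):
        findings.append("DMARC: missing or invalid p= tag")
    elif tags.get("pct", "100").isdigit() and int(tags.get("pct", "100")) < 100:
        findings.append("DMARC: pct below 100 applies the policy to only some mail")
    if "rua" not in tags:
        findings.append("DMARC: no rua= address, so no aggregate reports arrive")
    return findings

def audit_domain(root_txt, dmarc_txt):
    return audit_spf(root_txt) + audit_dmarc(dmarc_txt)

# Constructed sample records for the placeholder domain example.com.
WEAK = (["v=spf1 include:_spf.example.net ?all"], ["v=DMARC1; p=none"])
STRONG = (["v=spf1 include:_spf.example.net -all"],
          ["v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"])

if __name__ == "__main__":
    for name, (root, dmarc) in (("weak", WEAK), ("strong", STRONG)):
        print(name, audit_domain(root, dmarc) or "no findings")
```

To check a real domain, fetch the records with `dig +short TXT yourdomain` and `dig +short TXT _dmarc.yourdomain` and pass in the text without the surrounding quotes.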

What can wait

  • You don’t need to identify exactly how it happened right now.
  • You don’t need to message every single contact immediately — prioritise people most likely to act on the scam (family, colleagues, finance-related contacts).
  • You don’t need to rebuild your whole device setup tonight; focus on account control, rule/forwarding checks, and protecting accounts that use this email.

Important reassurance

This happens to a lot of people and it’s not a sign you “did something stupid”. Attackers commonly use either password reuse (account takeover) or simple address spoofing. Taking the steps above quickly usually stops the spread and protects your other accounts.

Scope note

These are first steps to stabilise the situation and prevent further damage. If you find evidence of ongoing access, you may need provider-led recovery and more detailed security clean-up later.

Important note

This is general information, not legal or professional advice. If you suspect financial loss, identity fraud, or targeted impersonation of your business, consider reporting through the appropriate UK channels and getting specialist IT/security help.
