What to do if…
you are told your work email address may have been used for accounts you do not recognise
Short answer
Treat this as a potential security incident: don’t click anything in the messages, and report it to your organisation’s IT/security team immediately using your normal internal route.
Do not do these things
- Don’t click “verify”, “unsubscribe”, “reset password”, or attachment links from the alert emails.
- Don’t forward the emails to your personal account or upload them to personal storage “to deal with later”.
- Don’t delete the emails, empty your deleted items, or clean up your mailbox yet.
- Don’t try to “take over” unknown accounts by repeatedly resetting passwords or guessing what happened.
What to do now
- Report it through your workplace’s official process now.
Use your IT helpdesk, security channel, or “report phishing” workflow. Say: “I’m receiving sign-up/verification/password reset emails for services I don’t recognise using my work address.”
- Preserve the evidence without clicking.
Keep the messages. Note (or screenshot) the subject lines, the time received, and the sender shown. If your organisation asks you to report suspicious email in a specific way (for example, using a built-in “report phishing” button or forwarding as an attachment), do that.
- If you can’t find an internal route quickly, use a safe fallback (if your workplace allows).
Forward suspicious emails to the UK Suspicious Email Reporting Service at report@phishing.gov.uk (this is for reporting suspicious messages, not for getting account access back).
- Ask IT/security to check for the highest-risk signs of mailbox misuse.
Specifically ask them to check for: unusual sign-ins, new inbox rules, unexpected auto-forwarding, unfamiliar delegated access/shared mailbox permissions, and unknown connected apps.
- Secure your work account using your organisation’s approved method.
If IT/security instructs you to, reset your password to a new unique one, sign out of other sessions/devices, and confirm multi-factor authentication is enabled and working. Follow your employer’s exact steps (especially if you use Single Sign-On).
- Make a simple list of the “unknown accounts” for IT/security.
Search your mailbox for “welcome”, “verify”, “confirm your email”, and “password reset”. List: service name + date/time + what the email claims. Give that list to IT/security.
- Escalate internally if there’s any hint of data exposure or impersonation.
If any email suggests personal/company data was entered, or if colleagues report messages “from you” that you didn’t send, tell your manager and your organisation’s data protection/privacy or compliance contact (if you have one). Your organisation should assess whether this is a personal data breach and what must be reported externally.
What can wait
- You do not need to contact every website immediately or spend hours trying to close accounts today.
- You do not need to decide whether this is “identity theft” right now — first confirm whether your work mailbox/account was accessed.
- You do not need to warn clients/customers or your whole team unless IT/security confirms there is a real risk of impersonation or data access.
- If you have not lost money and there’s no evidence of hacking beyond your workplace systems, external reporting can wait until your employer confirms what happened.
Important reassurance
Unexpected sign-up or verification emails are common and can be caused by typos or automated abuse. Taking the cautious route (don’t click, report quickly, preserve evidence) is the right response and helps your organisation confirm whether this is just “email misuse” or an actual account compromise.
Scope note
These are first steps for the first hours/day. Later actions (closing specific accounts, wider communications, HR steps, or formal reporting) depend on what IT/security finds.
Important note
This is general information, not legal or professional advice. Follow your employer’s policies and incident response instructions. If you believe you’ve lost money or your personal identity is being misused outside work systems, you can also report cyber crime/fraud via UK police reporting routes once you’re safe and have the basic facts.
Additional Resources
- https://www.ncsc.gov.uk/collection/phishing-scams/report-scam-email
- https://www.gov.uk/report-suspicious-emails-websites-phishing
- https://www.ncsc.gov.uk/guidance/recovering-a-hacked-account
- https://ico.org.uk/for-organisations/report-a-breach/personal-data-breach/personal-data-breaches-a-guide/
- https://www.reportfraud.police.uk/