'%3e%3cpath%20d='M0,0%20v30%20h60%20v-30%20z'%20fill='%23012169'/%3e%3cpath%20d='M0,0%20L60,30%20M60,0%20L0,30'%20stroke='%23fff'%20stroke-width='6'/%3e%3cpath%20d='M0,0%20L60,30%20M60,0%20L0,30'%20stroke='%23C8102E'%20stroke-width='4'%20clip-path='url(%23s)'/%3e%3cpath%20d='M30,0%20v30%20M0,15%20h60'%20stroke='%23fff'%20stroke-width='10'/%3e%3cpath%20d='M30,0%20v30%20M0,15%20h60'%20stroke='%23C8102E'%20stroke-width='6'/%3e%3c/g%3e%3c/svg%3e)
UK
%20--%3e%3cuse%20href='%23s'%20x='0'%20y='0'/%3e%3cuse%20href='%23s'%20x='494'%20y='0'/%3e%3cuse%20href='%23s'%20x='988'%20y='0'/%3e%3cuse%20href='%23s'%20x='1482'%20y='0'/%3e%3cuse%20href='%23s'%20x='1976'%20y='0'/%3e%3cuse%20href='%23s'%20x='2470'%20y='0'/%3e%3cuse%20href='%23s'%20x='247'%20y='210'/%3e%3cuse%20href='%23s'%20x='741'%20y='210'/%3e%3cuse%20href='%23s'%20x='1235'%20y='210'/%3e%3cuse%20href='%23s'%20x='1729'%20y='210'/%3e%3cuse%20href='%23s'%20x='2223'%20y='210'/%3e%3cuse%20href='%23s'%20x='2717'%20y='210'/%3e%3cuse%20href='%23s'%20x='0'%20y='420'/%3e%3cuse%20href='%23s'%20x='494'%20y='420'/%3e%3cuse%20href='%23s'%20x='988'%20y='420'/%3e%3cuse%20href='%23s'%20x='1482'%20y='420'/%3e%3cuse%20href='%23s'%20x='1976'%20y='420'/%3e%3cuse%20href='%23s'%20x='2470'%20y='420'/%3e%3cuse%20href='%23s'%20x='247'%20y='630'/%3e%3cuse%20href='%23s'%20x='741'%20y='630'/%3e%3cuse%20href='%23s'%20x='1235'%20y='630'/%3e%3cuse%20href='%23s'%20x='1729'%20y='630'/%3e%3cuse%20href='%23s'%20x='2223'%20y='630'/%3e%3cuse%20href='%23s'%20x='2717'%20y='630'/%3e%3cuse%20href='%23s'%20x='0'%20y='840'/%3e%3cuse%20href='%23s'%20x='494'%20y='840'/%3e%3cuse%20href='%23s'%20x='988'%20y='840'/%3e%3cuse%20href='%23s'%20x='1482'%20y='840'/%3e%3cuse%20href='%23s'%20x='1976'%20y='840'/%3e%3cuse%20href='%23s'%20x='2470'%20y='840'/%3e%3cuse%20href='%23s'%20x='247'%20y='1050'/%3e%3cuse%20href='%23s'%20x='741'%20y='1050'/%3e%3cuse%20href='%23s'%20x='1235'%20y='1050'/%3e%3cuse%20href='%23s'%20x='1729'%20y='1050'/%3e%3cuse%20href='%23s'%20x='2223'%20y='1050'/%3e%3cuse%20href='%23s'%20x='2717'%20y='1050'/%3e%3cuse%20href='%23s'%20x='0'%20y='1260'/%3e%3cuse%20href='%23s'%20x='494'%20y='1260'/%3e%3cuse%20href='%23s'%20x='988'%20y='1260'/%3e%3cuse%20href='%23s'%20x='1482'%20y='1260'/%3e%3cuse%20href='%23s'%20x='1976'%20y='1260'/%3e%3cuse%20href='%23s'%20x='2470'%20y='1260'/%3e%3cuse%20href='%23s'%20x='247'%20y='1470'/%3e%3cuse%20href='%23s'%20x='741'%20y='1470'/%3e%3cuse%20href='%23s'%20x='1235'%20y='1470'/%3e%3cuse%20href='%23s'%20x='1729'%20y='1470'/%3e%3cuse%20href='%23s'%20x='2223'%20y='1470'/%3e%3cuse%20href='%23s'%20x='2717'%20y='1470'/%3e%3cuse%20href='%23s'%20x='0'%20y='1680'/%3e%3cuse%20href='%23s'%20x='494'%20y='1680'/%3e%3cuse%20href='%23s'%20x='988'%20y='1680'/%3e%3cuse%20href='%23s'%20x='1482'%20y='1680'/%3e%3cuse%20href='%23s'%20x='1976'%20y='1680'/%3e%3cuse%20href='%23s'%20x='2470'%20y='1680'/%3e%3c/g%3e%3c/svg%3e)
USA
us Work & employment crises work email used to sign up • company email used for accounts • unknown accounts using my email • unexpected account signup emails • random welcome emails at work • verification emails i did not request • password reset emails i did not request • work email possibly compromised • someone created accounts with my email • suspicious subscription confirmations • inbox rules changed at work • email forwarding i did not set • microsoft 365 sign in i dont recognise • google workspace login alert • business email compromise warning • my work address on websites • spoofed work email address • unwanted registrations using my email • workplace cyber incident • account takeover concern at work What to do if…
What to do if…
you are told your work email address may have been used for accounts you do not recognise
Short answer
Assume it could be a security incident: don’t click links in the messages, and report it immediately through your employer’s IT/security process so they can check access logs and contain it.
Do not do these things
- Don’t click “verify”, “unsubscribe”, or “reset password” links in the alert emails.
- Don’t forward the messages to your personal email account or store them in personal cloud drives.
- Don’t delete the emails or clear your mailbox yet.
- Don’t rush to “recover” unknown accounts by repeated password resets or trial-and-error logins.
What to do now
- Report it through your company’s official channel right away.
Use your helpdesk ticketing system, security hotline, or “report phishing” workflow. Use clear wording: “My work email is receiving account creation/verification/password reset emails for services I don’t recognize.” - Preserve the evidence (without engaging).
Keep the emails. Note (or screenshot) the subject lines, sender shown, and time received. Use your employer’s preferred reporting method (for example, a “report phishing” button or forwarding as an attachment) so security can capture headers. - Ask IT/security to check for compromise indicators that matter most.
Specifically: unusual sign-ins, new inbox rules/filters, external auto-forwarding, unfamiliar delegated access, and unknown connected apps/OAuth grants. - Secure your work account using your employer’s process.
If directed: reset your password to a new unique one, sign out of other sessions/devices, and confirm multi-factor authentication is enabled and working. Don’t bypass policy or “fix” settings in a way your org can’t audit. - Create a short inventory of the unknown services.
Search your mailbox for “welcome”, “verify”, “confirm”, and “password reset”. List the service names + dates/times + what the email claims. Share that list with IT/security. - Escalate internally if there’s any sign of impersonation or sensitive data exposure.
If coworkers/clients received emails “from you” that you didn’t send, or if any message suggests company data was entered, tell your manager and your security/privacy/compliance contact so they can coordinate response and communications. - If it looks like personal identity misuse (not just work email misuse), take one official step.
If you see your Social Security number, bank details, tax/benefits references, or accounts being opened in your name, file a report and follow the guided recovery steps at IdentityTheft.gov. If you choose, you can also place a fraud alert or consider a credit freeze as part of that process.
What can wait
- You do not need to contact every website immediately or spend the day trying to close accounts one-by-one.
- You do not need to decide about police reports right now; first confirm whether your work account was actually accessed.
- You do not need to notify clients/customers unless your IT/security team confirms a real risk of impersonation or data access.
- If there’s no evidence of personal identity misuse, credit/identity protection steps can usually wait until you know what your employer’s investigation shows.
Important reassurance
This often starts with something simple (someone mistyping an email address) but it’s still smart to treat it as real until your security team confirms otherwise. Your job right now is to avoid risky clicks, preserve evidence, and get the right people involved quickly.
Scope note
These are first steps for the first hours/day. Later actions (closing specific accounts, broader communications, HR steps, or legal steps) depend on what your employer’s investigation finds.
Important note
This is general information, not legal or professional advice. Follow your employer’s policies and incident response instructions. If you believe your personal identity is being misused outside work systems, use official reporting and recovery resources.