'%3e%3cpath%20d='M0,0%20v30%20h60%20v-30%20z'%20fill='%23012169'/%3e%3cpath%20d='M0,0%20L60,30%20M60,0%20L0,30'%20stroke='%23fff'%20stroke-width='6'/%3e%3cpath%20d='M0,0%20L60,30%20M60,0%20L0,30'%20stroke='%23C8102E'%20stroke-width='4'%20clip-path='url(%23s)'/%3e%3cpath%20d='M30,0%20v30%20M0,15%20h60'%20stroke='%23fff'%20stroke-width='10'/%3e%3cpath%20d='M30,0%20v30%20M0,15%20h60'%20stroke='%23C8102E'%20stroke-width='6'/%3e%3c/g%3e%3c/svg%3e)
UK
%20--%3e%3cuse%20href='%23s'%20x='0'%20y='0'/%3e%3cuse%20href='%23s'%20x='494'%20y='0'/%3e%3cuse%20href='%23s'%20x='988'%20y='0'/%3e%3cuse%20href='%23s'%20x='1482'%20y='0'/%3e%3cuse%20href='%23s'%20x='1976'%20y='0'/%3e%3cuse%20href='%23s'%20x='2470'%20y='0'/%3e%3cuse%20href='%23s'%20x='247'%20y='210'/%3e%3cuse%20href='%23s'%20x='741'%20y='210'/%3e%3cuse%20href='%23s'%20x='1235'%20y='210'/%3e%3cuse%20href='%23s'%20x='1729'%20y='210'/%3e%3cuse%20href='%23s'%20x='2223'%20y='210'/%3e%3cuse%20href='%23s'%20x='2717'%20y='210'/%3e%3cuse%20href='%23s'%20x='0'%20y='420'/%3e%3cuse%20href='%23s'%20x='494'%20y='420'/%3e%3cuse%20href='%23s'%20x='988'%20y='420'/%3e%3cuse%20href='%23s'%20x='1482'%20y='420'/%3e%3cuse%20href='%23s'%20x='1976'%20y='420'/%3e%3cuse%20href='%23s'%20x='2470'%20y='420'/%3e%3cuse%20href='%23s'%20x='247'%20y='630'/%3e%3cuse%20href='%23s'%20x='741'%20y='630'/%3e%3cuse%20href='%23s'%20x='1235'%20y='630'/%3e%3cuse%20href='%23s'%20x='1729'%20y='630'/%3e%3cuse%20href='%23s'%20x='2223'%20y='630'/%3e%3cuse%20href='%23s'%20x='2717'%20y='630'/%3e%3cuse%20href='%23s'%20x='0'%20y='840'/%3e%3cuse%20href='%23s'%20x='494'%20y='840'/%3e%3cuse%20href='%23s'%20x='988'%20y='840'/%3e%3cuse%20href='%23s'%20x='1482'%20y='840'/%3e%3cuse%20href='%23s'%20x='1976'%20y='840'/%3e%3cuse%20href='%23s'%20x='2470'%20y='840'/%3e%3cuse%20href='%23s'%20x='247'%20y='1050'/%3e%3cuse%20href='%23s'%20x='741'%20y='1050'/%3e%3cuse%20href='%23s'%20x='1235'%20y='1050'/%3e%3cuse%20href='%23s'%20x='1729'%20y='1050'/%3e%3cuse%20href='%23s'%20x='2223'%20y='1050'/%3e%3cuse%20href='%23s'%20x='2717'%20y='1050'/%3e%3cuse%20href='%23s'%20x='0'%20y='1260'/%3e%3cuse%20href='%23s'%20x='494'%20y='1260'/%3e%3cuse%20href='%23s'%20x='988'%20y='1260'/%3e%3cuse%20href='%23s'%20x='1482'%20y='1260'/%3e%3cuse%20href='%23s'%20x='1976'%20y='1260'/%3e%3cuse%20href='%23s'%20x='2470'%20y='1260'/%3e%3cuse%20href='%23s'%20x='247'%20y='1470'/%3e%3cuse%20href='%23s'%20x='741'%20y='1470'/%3e%3cuse%20href='%23s'%20x='1235'%20y='1470'/%3e%3cuse%20href='%23s'%20x='1729'%20y='1470'/%3e%3cuse%20href='%23s'%20x='2223'%20y='1470'/%3e%3cuse%20href='%23s'%20x='2717'%20y='1470'/%3e%3cuse%20href='%23s'%20x='0'%20y='1680'/%3e%3cuse%20href='%23s'%20x='494'%20y='1680'/%3e%3cuse%20href='%23s'%20x='988'%20y='1680'/%3e%3cuse%20href='%23s'%20x='1482'%20y='1680'/%3e%3cuse%20href='%23s'%20x='1976'%20y='1680'/%3e%3cuse%20href='%23s'%20x='2470'%20y='1680'/%3e%3c/g%3e%3c/svg%3e)
USA
us Technology & digital loss email hacked • account takeover • unknown emails sent • sent folder unknown messages • spam sent to contacts • email compromise • mailbox rules changed • email forwarding enabled • strange bcc recipients • mass email from my account • someone using my email • gmail hacked • outlook hacked • password stolen • suspicious sign-in • recovery email changed • oauth app access • phishing fallout What to do if…
What to do if…
your sent folder shows emails you do not recognise sent to many recipients
Short answer
Treat this as a compromised email account: sign out other sessions, change the password, and remove forwarding/rules or connected app access so the attacker can’t keep sending or silently reading your email.
Do not do these things
- Don’t engage with the suspicious emails from the compromised account (don’t “explain” or click anything inside them).
- Don’t assume a password change alone fixes it; attackers often persist via forwarding rules, filters, or connected apps.
- Don’t delete everything immediately — keep enough details (time, subject, recipients) to help your provider, employer, or law enforcement if needed.
- Don’t send sensitive documents, codes, or payment details from the account “to test” whether it’s safe.
- Don’t post public explanations before you’ve regained control.
What to do now
- If you can’t log in, start with account recovery: Use your email provider’s official account recovery flow/support to regain access. As soon as you’re back in, continue with the steps below.
- End the attacker’s session(s): In your account security settings, use “sign out of all devices/sessions” (or equivalent) if available.
- Change your password from a safer device: Use a trusted device (or a different device than usual). Set a new, unique password not used anywhere else.
- Turn on multi-factor authentication (MFA): Prefer an authenticator app or a security key if you have one.
- Remove hidden access inside email settings (this is crucial):
- Turn off any auto-forwarding you didn’t set.
- Remove filters/rules that auto-delete, auto-archive, or move messages you care about.
- Review connected apps / third-party access and revoke anything unfamiliar.
- If your provider supports app passwords, remove any you don’t recognize and regenerate them only if you truly need them.
- Lock down account recovery options:
- Confirm recovery email/phone are yours; remove anything unfamiliar.
- Regenerate backup codes if offered and store them safely.
- Protect other accounts that rely on this email:
- Search for “password reset” and “security alert” messages.
- Change passwords (and enable MFA) on high-risk services first: banking, payments, shopping, cloud storage, and social media.
- Warn likely targets using a different channel: Text/call close contacts, coworkers, or customers to ignore messages/links from you until you confirm by phone.
- Report if there’s significant harm: If there’s financial loss, extortion, identity theft, or business email compromise, file a report with the FBI’s internet crime reporting portal. If you believe personal information was misused for identity theft, use the federal identity theft recovery site for guided steps.
- If this is a work/school account: Contact your IT/security team immediately. Ask them to check sign-in logs, mailbox rules/forwarding, and any suspicious third-party access approvals.
What can wait
- You don’t need to identify the attacker or prove exactly how it happened today.
- You don’t need to notify every recipient immediately; start with the people most likely to be harmed.
- You don’t need to factory-reset devices unless you have strong signs of malware; prioritize account control and removing persistence first.
Important reassurance
Mass emails from your “Sent” folder are a classic sign of account takeover. Most immediate damage stops once you end sessions, change the password, remove forwarding/rules, and enable MFA.
Scope note
These are first steps to stabilize the situation. If this affects a workplace, finances, or sensitive data, you may need specialist help (IT/security support, your bank, and official reporting).
Important note
This is general information, not legal or professional advice. If you’re facing ongoing fraud, threats, or financial loss, get prompt help from your provider, your bank, and relevant US reporting channels.
Additional Resources
- https://consumer.ftc.gov/how-recover-your-hacked-email-or-social-media-account
- https://www.identitytheft.gov/Info-Lost-or-Stolen
- https://www.identitytheft.gov/
- https://www.ic3.gov/
- https://www.fbi.gov/investigate/cyber
- https://www.cisa.gov/resources-tools/resources/multifactor-authentication-mfa-toolkit