Here’s a quick checklist of things you should do when your email has been compromised.


Change your Domain Password.


  • This will disable the attacker’s access to your email profile.
  • This is important to do as soon as possible because often the attacker will respond to emails stating the suspicious email the recipient received is legitimate. 
  • As best practice, it is recommended to change your password every 90 days to help prevent this in the future.


Review Email Rules Currently in Place.


  • When email addresses are compromised, we often see new Email Rules put in place to move all incoming messages to the Deleted Items folder. This is done so end users are not alerted when they receive several emails related to the suspicious email.


  • To review your email rules:

  1. Open Outlook
  2. Under the Home tab click “Rules”
  3. Select “Manage Rules & Alerts”




  • In the Rules look for a Rule that you did not create. You might see a rule that states to delete all messages that are received. You can then delete the Rule by simply highlighting the Rule and selecting the Delete Button.



  • Once the Rule has been deleted send yourself a test email and make sure you are now receiving emails normally.


  • After the Rules have been deleted and your email account is working properly, we recommend running a malware scan on every workstation that has your email account on it.


  • If you need to send out an email to the people that received the malicious email explaining what occurred, you will need to contact your e-mail administrator to provide that information. If someone that received the email clicked on the link, we recommend that person change his or her password as well.


  • When sending an email to the users that received the message, we recommend performing a mail merge using Microsoft Word. 


Worried that your email may have been compromised? Review our steps to take after a cyberattack. Need help? Contact us.