# [email protected] spam sent from my outlook account



## Raphael2019 (Jun 6, 2019)

Hello.

A spam email has been sent from my account to thousands of people. They include everyone in my contacts and other addresses i have no connection to. There is nothing in my sent box but I have received thousands of emails titled '[email protected]' Undeliverable . The message contains an attachment which i of course won't be opening. I have MS Outlook. What should i do?

Please help, in terms of what threat this poses and what actions i need to take.
Raph


----------



## lunarlander (Sep 22, 2007)

Not much you can do. Change the password to the email account.


----------



## Raphael2019 (Jun 6, 2019)

Aside from changing my password are there any other concerns? Does it mean my email account has been compromised? What about bank payments on my PC or any other security issues I need to be mindful of?


----------



## Couriant (Mar 26, 2002)

If you don't see anything in your sent items folder then the issue is your email has been spoofed so you will get the bounce backs, so you can't do anything.


----------



## lunarlander (Sep 22, 2007)

Yes, assume that your email account has been compromised. All your emails were visible to the attacker. After you change your email password, then they won't have access anymore and anything that he did not view previously are no longer available to him.

Email accounts can be compromised independently from hacking your PC. They could have used a password trial and error guessing program. If your email provider does not implement things like login delays after repeated login failures, then he could scan through possible passwords pretty quickly. If your email provider has a 2nd factor authentication feature, use it. It will usually ask for a cell phone number and use it to send a sms text code every time you request a login, and you have to then key in the received code in addition to your password.

As to the possibility of your PC being hacked, there is a whole list of things that needs to be done to secure a PC. The aim is to not spend time unraveling what the attacker has done and undoing them. What needs to be done is to first re-install Windows, ie starting from a trusted source, then reducing the attack surface by disabling unused features. Then implement a default-deny principle firewall rules. Then turn on Windows security functions like Software Restriction Policy and adding Windows Defender Exploit Protection rules. Then after everything is setup, create monitoring rules in Event Viewer to detect intrusions. Finally creating a drive image ( a bit for bit backup ) of the C drive to a USB disk so that you can recover from attacks and start from this trusted image again. Then you can go online and do patching: Windows update, update all programs to their latest versions: browsers, email programs etc. The full procedure is in the link in my signature section below. It rakes 4-6 hrs to implememt.


----------

