Lots of undeliverable emails in spam

Sunshine_and_Roses

I had a fraudulent transaction on my credit card a few weeks ago.  Luckily I had an alert from the CC company who reversed the charge and sent me a new card.  A few days later I noticed that Netflix had been added onto my TV package which I did not request, but they insisted it had been done via my account on chat.  This has been removed too.
I checked my emails and found that there were loads of emails in my sent box, so I changed my password and set up the authenticator app.  Since then I get dozens of undeliverable emails in my spam all to the same address.  I have changed my password again, but i'm not sure if I have done enough to make the account secure.  It is a hotmail account if that makes any difference.
Any suggestions on what to do please, and to avoid this happening again?  Thanks.

Edit - after typing this I have had an email from Disney with a OTP (I don't have Disney) and it showed the email was forwarded.  I checked under settings and rules, and saw that all emails are being forwarded to the address on the spam emails.  I had no idea so have turned this off, is that enough to stop this happening?

Vitor

If the Hotmail password was reused anywhere else, change it on all those services and enable 2FA where it's supported
Check and remove any suspicious recovery email addresses or phone numbers on Hotmail account
Review and delete any unfamiliar mailbox rules or forwarding settings on Hotmail
Run a full antivirus/malware scan on all devices you use to access email.
Change the Hotmail password a final time

flaneurs_lobster

How was the security set up on your Hotmail account prior to the credit card fraud? 

The best way to secure your Hotmail account is using a passkey so that only a device that is secured by biometrics to you can be used to allow access to your account.

Any password should be long (20 chars minimum), complicated (numbers, upper & lower case letters, special characters) and unique (not shared with any other account).

Having 2FA set up is also a must.

Here's Microsoft's advice

https://support.microsoft.com/en-gb/account-billing/how-to-help-keep-your-microsoft-account-secure-628538c2-7006-33bb-5ef4-c917657362b9 

Sunshine_and_Roses

Thank you.  I have hotmail on my phone, tablet and laptop.  I have changed my password again and use fingerprint on phone and authenticator app.  I noticed that the account was linked to two samsung phones/accounts and other Outlook which I could not check, so deleted them all to be safe.

I will run a full scan as soon as I can.

Thanks for your help and advice.

Sunshine_and_Roses

Also, I have gmail addresses which I think I had to set up when I had Samsung products.  I really need to streamline everything now as I have too many accounts.  Is a gmail address essential for some products or services, and any advice on how to 'declutter'?

flaneurs_lobster

Same rules for the gmail accounts if you want to keep them.

Android phones need a Google account set up on them if you want to use any of the usual Google services (Maps, Gmail, Find my phone etc) but you don't need to use the Gmail service for anything else.

You should have another email account set up on your Hotmail account as a secondary verification method (together with a phone number).

Vitor

-  I had no idea so have turned this off, is that enough to stop this happening? - 

Should be, but go through all rules on Hotmail very carefully. The hacker will have seen all your emails from shopping etc. so need to treat every other account that relied on that Hotmail address as potentially compromised and needing pwd changed/2FA enabled

PRAISETHESUN

Sunshine_and_Roses said:

Also, I have gmail addresses which I think I had to set up when I had Samsung products.  I really need to streamline everything now as I have too many accounts.  Is a gmail address essential for some products or services, and any advice on how to 'declutter'?

You don't specifically need a gmail email address to have a Google account - you can sign up for a Google account and link it to your existing hotmail email address.

As for the rest, I would agree that you need to go carefully through your compromised hotmail account and take note of anything unusual. At a bare minimum you need new passwords for everything, and have them unique to each individual service so if one get compromised again in future then everything else won't as well.

I would also expect that you will be on a "suckers" list and will likely get a lot more spam/phishing attempts from now on. It possibly could be a good time to consider signing up for a brand new email address and moving everything important across to it as a way to declutter.