It is a fact of life that people may by accident provide their office 365 account detail during a phishing attack.

Unfortunately the attackers will sit on those details without doing anything other that place a rule in Outlook to forward all emails.

To check foe this, please complete the following.

Change Password

It is most likely that your Windows Login is syncrohnised to your Office 365 Account.
So change you Windows password by pressing on CTRL+ALT+DEL
Choose Change Password
You may need to enter your exisiting password then your new password Twice.
(1 minute)

Outlook Application Rules

Open Outlook
Ensure that the Home Ribbon is active and then click on Rules

Then Choose Manage Rules & Alerts

Check if any Rules that you have are valid, if not delete them,
(5 minutes)

Check OnLine

Open a Web Browser and got to and sign in.

Once you can see your email, Click on the COG top right of the screen.

A long list of options will appear, click on Inbox and Sweep rules

Check in both Inbox Rules (1) and Sweep rules (2) that there are no rules that should not be there, if in doubt, delete them all,