First you should do a malware scan to ensure there is nothing malicious on your device. You can use adwcleaner which is free and is a Malwarebytes program. An Internet search will find it for you. It does not need to be installed on your computer. 

Once you have done that you have to remove any addresses that have been set up in auto forwarding first.  Remember and click "save" after you have done that.

You also need to check that no rules have been set up and if they have you need to remove them. If you remove any rules you will get a warning that the rules have been changed . It is a security feature and will disappear in a few days.

Then change the password.

This link gives you more information.

https://www.bt.com/help/email/email-security/how-can-i-tell-if-my-email-account-is-no-longer-secure

Thanks for your reply but I have covered everything in that well-written article.

The bottom line is that BT do not provide a user command to force a log-off of all currently logged-on users.

So, even with a changed password, my hacker is able to keep his client/web page live and continue using my account as a highjacked account. He is running the Amazon gift voucher scam.

BT have not recognised the account as hacked and since I an no longer a BT broadband customer, I am unable to contact them for help.

I just hope that he will eventually give up and log off (after he has used the account for other ruses).

If you are no longer a BT Broadband customer your email account will have been downgraded to a BTMail Basic account which can not be used with an email client or an email app.

Are you sure that the hacker is using your email account and not just your email address. There is a difference.

Hackers can "spoof" email addresses to make them appear to be coming from a genuine email address when in fact they are being send from a completely different email address.

See link

Email spoofing - Wikipedia

If your email address is being spoofed by a hacker there is nothing you can do except to stop using that email address and inform all your contacts that you are no longer using that email address and if they receive any emails from it to treat them as spam and delete them without opening them.

If your Amazon account has been hacked you should inform Amazon and change your contact email address that you use with Amazon.

You can also report the alleged hack of your email account to ActionFraud. I won’t post the link but it’s easy enough to find. Whether ActionFraud will do anything, is an entirely different matter though. It depends on how far you want to go with stopping the problem.

Morning @Dorcots 

Thanks for coming to the community. 

I have sent you a private message on the community to get some details. 

Please take a look and get back to me when you get the chance.

Leanne.

No, it was not spoofed. The hacker kept setting auto-forwarding after I had cleared it.

It's resolved now. I just had to wait until the hacker did his work and logged off from my email (or PC off overnight).

The route of this problem is that BT email allows users to access their email on a new/different client or browser without invoking multi factor authentication. Email services such as gmail, Yahoo and many others have been making such a check for many many years.

Surprisingly, I was able to identify how the hacker accessed the account. The credentials had appeared in a data breach where the password was 'hashed' but not 'salted'. Combined with the password being based on a word from personal data AND only having minimal other complexity ("2020" in this case), it was prone to a customised dictionary attack.

I hasten to add it was not my account but that of someone I am providing support to.

So BT, your security is flawed and you have not adopted current techniques.

https://www.bt.com/help/security/two-step-authentication

Not BTs fault if your 'friend' didn't implement it.

@Dorcots 

I fear your observations and practical analysis will mostly fall on deaf ears to those who claim they have no issues with BT email and have been using it successfully for decades.

I’ve just shut down a Hotmail account that I’d discovered had been involved in a data breach. I hadn’t used it for a couple of years and then out of the blue, I started receiving obvious spam and other mail I’d rather never receive.

Never let the opportunity pass to have a dig.