We had a customer get their Office 365 email account compromised / attacked. The password was reset and the user could send email she just didn’t receive them.
I went into her online Office 365 account and verified the issue. This page lead me to the fix.
Their advice to check the mail flow helped me solve the issue.
You need to go into the individuals account and click on the setting gear icon in the upper-right:
Scroll down to “Your App Settings” and click on “Mail”.
On the left-hand side menu, in the “mail” section, click on “Inbox and sweep rules”. Go through the rules to see if there is a rule that is causing your issue.
The attacker set up a rule for the emails to go to the “deleted” folder. A common practice.
Let us know if this helped you…