You need a secondary password that when used leads to an empty inbox with a setting set where message are deleted after 2 days.
This way, if the attacker sends a test email, it will still show up, but being empty is also plausible.
Of course, this means that any new emails received will be visible by the attacker, so you have to find a way to inform senders that the account has been compromised.
So you have to find a way to inform senders that the account has been compromised, e.g. a secret pre-agreed canary that must be checked each time as part of the contact protocol.