This article is brought to you by Aura.
Watch the video to see how we protect you online.
This article is brought to you by Aura. Watch the video to see how we protect you online.
Start Free Trial
4.7 stars on Trustpilot
Close Button
What is Aura? (1:10)

What To Do If a Scammer Has Your Email Address

Your email address is a precious commodity for fraudsters. Here’s what you should do if a scammer has your email address to stay safe.

Illustration of a padlock with the @ symbol attached to it.

Aura’s app keeps you safe from scams, fraud, and identity theft. Try Aura for free.

4.7 stars as of March 2024

In this article:

    In this article:

      See more

      Aura’s digital security app keeps your family safe from scams, fraud, and identity theft.

      See pricing
      Share this:

      Can Someone Scam You With Just Your Email Address?

      The answer is likely yes. It’s easier than ever for thieves to prise your email address. Data breaches — which happen when criminals hack into company databases and then leak billions of emails, names, and Social Security numbers online — increased by almost 15% from Q2 to Q3 of 2022 [*].

      Spam, scam, and phishing emails are more than just mild annoyances.

      According to the FBI, email scams are the most expensive type of cybercrime, costing Americans billions of dollars in losses [*]. By now, it’s almost guaranteed that scammers have your email address.


      What Can Scammers Do With Your Email Address? 

      With just your email address, scammers can:

      • Target you with sophisticated phishing emails.
      • Find more sensitive information about you — including where you live.
      • Attempt to hack into your social media or other online accounts.
      • Impersonate you and scam your friends and family.
      • Steal your financial information and even identity.

      Fraudsters know that your email address is at the core of your digital identity. Your inbox is home to everything from bills to passwords, login information, sensitive data, photos, and videos.

      Worse, even if you do everything you can to protect your email address from scammers, they have numerous ways to find it.

      Take action: If scammers have your email, your bank, social media, and online accounts could be at risk. Try Aura’s #1-rated identity theft protection free for 14 days to secure your identity against scammers.

      Here are some of the ways that scammers can get your email:

      • A data breach exposed it. Data thieves target every industry. There were major data breaches at Facebook, Amazon, T-Mobile, Robinhood, and Volkswagen-Audi just last year. In a recent data breach, the personal information for 700 million LinkedIn users went for sale online — including names, phone numbers, and email addresses [*].
      • They found it on your social media account. Many social media sites require you to post your email address. Sites like Facebook and LinkedIn provide scammers easy access to your email.
      • They bought it from a data broker. These companies collect and sell information about you to telemarketers and inadvertently, scammers. (Safety tip: Aura’s digital security solution can automatically remove you from data broker lists.)
      • You gave it up accidentally through a phishing attack. Hackers create fake websites designed to trick you into giving them your email address.
      • They used “email harvesting” bots. Harvesting emails is a fast way to get email addresses. Using a bot, cybercriminals search the internet for emails with "@" symbols. Harvesters can gather thousands of names and emails in seconds.

      📚 Related: How To Protect Yourself From Hackers (2024 Guide)

      Does a Scammer Have Your Email Address? Here’s What To Do

      1. Update your online passwords and security questions for your email, banking, social networking accounts, and more. Also, enable two-factor authentication (2FA) on all of your accounts.
      2. Report phishing scams to your email provider or the company the scammer is impersonating. Make sure you don’t open these emails; this can give fraudsters information about you — such as your IP address or operating system type.
      3. Customize your email spam filters to block even more potential phishing emails. Here’s how to adjust spam filters on the most common email service providers — Gmail, Outlook, AOL, Yahoo!, and iCloud.
      4. Request that data brokers remove your information (or let Aura do it for you).
      5. Warn those on your contacts list that your email may be compromised. Tell them to contact you directly if they receive strange emails or text messages that impersonate you.
      6. Protect your other accounts against hacking by using strong passwords. Be especially vigilant if you’re receiving password reset emails from other accounts that you don’t recognize.
      7. Scan the Dark Web for your personal information. Update any compromised accounts with unique passwords.
      8. Freeze your credit with all three major credit bureaus (Experian, TransUnion, and Equifax). This will stop scammers from opening new accounts or taking out loans in your name.
      9. Stay safe by learning how to spot the warning signs of a phishing email.

      📚 Related: Has Your Gmail Been Hacked? Here's How To Secure Your Account

      Take action: If scammers get your sensitive personal data from a data breach, they could take out loans in your name or empty your bank account. Try an identity theft protection service to monitor your finances and alert you to fraud.

      Can An Email Hack Lead to Identity Theft?

      The good news is that you’re not immediately in danger of identity theft if scammers have your email address. But you're still far from being completely safe.

      For example, criminals can send you phishing emails to get the passwords to your email, bank, or other online accounts. Any of these accounts can offer scammers access to all of the information they need to steal your identity, including:

      • Invoices or receipts displaying your name, address, and phone number.
      • Banking information, credit card numbers, and other details that could lead to financial fraud.
      • Sensitive photos that you’ve exchanged with others.
      • Personally identifiable information (PII), such as your Social Security number (SSN).
      • Passport numbers or ID numbers.

      📚 Related: How Hackers Get Your SSN (And How To Protect It)

      How To Protect Your Inbox

      It’s become second nature to share our email addresses with people or businesses. But if your email address ends up in the wrong hands, you could easily become a victim of identity theft, account takeovers, or financial fraud.

      Here are some ways to protect your inbox from bad actors: 

      Be selective about whom you give your email address to

      • Only give your email address to credible and legitimate organizations.
      • Verify an unknown person's identity before giving them your email address. 
      • Only give your personal email address to close friends and family. 
      • Don’t write your email address on a paper email sign-up list. 
      • Make sure any websites to which you provide your email address are secure and reliable.

      📚 Related: How To Spot a Bank Impersonation Scam (Texts, Emails, and Phone Calls)

      Use a different (and private) email account for family and sensitive accounts

      • Create a separate email account to use with friends and sensitive accounts, such as for government benefits. 
      • Make a throwaway account to use for shopping sites and newsletters.

      Update your email passwords so that they are unique, complex, and secure

      • Get a password manager, and download its browser plug-in to ensure that you have easy access to all of your passwords.
      • Make a list of your most important online accounts and prioritize which to change passwords on first. For example, your bank account login would be a top priority. 
      • Change every password to a strong 16-character password using a combination of numbers, symbols, and both uppercase and lowercase letters.

      📚 Related: How To Stop Spam Texts from Email Addresses

      Enable 2FA on all your accounts

      • Make a list of all your online accounts and learn which ones offer 2FA or multi-factor authentication. You can use the 2FA Directory to find out which websites and services utilize this important layer of account authentication to help keep users safe.
      • Get the Google Authenticator app or a similar tool. An authenticator app is more secure (than SMS) for 2FA as scammers can take over your phone number using a scam called SIM swapping.

      Never click on links or download attachments

      • Get an email client that filters spam and alerts you if it suspects spam. 
      • Do not open potentially dangerous emails. Delete them immediately
      • Report scam emails to the FTC. 

      📚 Related: How To Quickly Identify Phishing Emails (13 Warning Signs)

      Consider signing up for an all-in-one digital security service

      With Aura, you get:

      • Financial fraud protection. Aura monitors your credit and bank accounts in near-real time and alerts you of fraud 250x faster than the competition. 
      • Instant credit lock. Lock and unlock your Experian credit file with one click from your desktop or mobile app.
      • Identity theft protection. Aura can alert you if an online account has been compromised, will monitor your SSN for signs of fraud, and can even reduce the amount of spam calls and emails that you receive. 
      • Device and Wi-Fi protection for all your devices. Keep your computer, phone, and home network safe from hackers with powerful antivirus software and a military-grade Virtual Private Network (VPN). 
      • Family identity theft monitoring for up to five people including children and adults. 
      • $1,000,000 in insurance coverage for eligible losses due to identity theft. If the worst happens, Aura will be there to help you through the needed steps to secure your identity and get back on your feet. 

      Your email address is the key to your digital life. Keep it safe and secure — and be cautious of any suspicious emails you receive.

      If you accidentally gave out your email address, Aura can help you set up credit monitoring and scan the web for misuse. Aura’s security software can also block phishing and scam sites, helping you browse privately.

      Sign up for identity theft, credit protection with Aura. Start your free 14-day trial today

      Editorial note: Our articles provide educational information for you to increase awareness about digital safety. Aura’s services may not provide the exact features we write about, nor may cover or protect against every type of crime, fraud, or threat discussed in our articles. Please review our Terms during enrollment or setup for more information. Remember that no one can prevent all identity theft or cybercrime.

      Is this article helpful so far?
      Need an action plan?

      No items found.

      Award-winning identity theft protection with AI-powered digital security tools, 24/7 White Glove support, and more. Try Aura for free.

      Related Articles

      Illustration of a smartphone with an exclamation mark on the screen as a warning against hacking

      Can Someone Hack Your Phone With Just Your Number?

      If a hacker has your phone number you could be at risk of identity theft, financial fraud, and more. Here’s how to keep your number and your identity safe.

      Read More
      August 11, 2023
      Illustration of a man sitting on a couch and staring at his phone with a concerned look on his face
      Identity Theft

      25 Warning Signs of Identity Theft: How To Tell If You're a Victim

      Are you worried that someone may have stolen your identity? Learn the 25 most common warning signs of identity theft and how to protect yourself today.

      Read More
      June 6, 2023

      Try Aura—14 Days Free

      Start your free trial today**