What To Do If a Scammer Has Your Email Address

Can Someone Scam You With Just Your Email Address?

The answer is likely yes. It’s easier than ever for thieves to prise your email address. Data breaches — which happen when criminals hack into company databases and then leak billions of emails, names, and Social Security numbers online — increased by almost 15% from Q2 to Q3 of 2022 [*].

Spam, scam, and phishing emails are more than just mild annoyances.

According to the FBI, email scams are the most expensive type of cybercrime, costing Americans billions of dollars in losses [*]. By now, it’s almost guaranteed that scammers have your email address.

{{show-toc}}

What Can Scammers Do With Your Email Address? 

With just your email address, scammers can:

• Target you with sophisticated phishing emails.
• Find more sensitive information about you — including where you live.
• Attempt to hack into your social media or other online accounts.
• Impersonate you and scam your friends and family.
• Steal your financial information and even identity.

Fraudsters know that your email address is at the core of your digital identity. Your inbox is home to everything from bills to passwords, login information, sensitive data, photos, and videos.

Worse, even if you do everything you can to protect your email address from scammers, they have numerous ways to find it.

Here are some of the ways that scammers can get your email:

• A data breach exposed it. Data thieves target every industry. There were major data breaches at Facebook, Amazon, T-Mobile, Robinhood, and Volkswagen-Audi just last year. In a recent data breach, the personal information for 700 million LinkedIn users went for sale online — including names, phone numbers, and email addresses [*]. ‍
• They found it on your social media account. Many social media sites require you to post your email address. Sites like Facebook and LinkedIn provide scammers easy access to your email.‍
• They bought it from a data broker. These companies collect and sell information about you to telemarketers and inadvertently, scammers. (Safety tip: Aura’s digital security solution can automatically remove you from data broker lists.) ‍
• You gave it up accidentally through a phishing attack. Hackers create fake websites designed to trick you into giving them your email address. ‍
• They used “email harvesting” bots. Harvesting emails is a fast way to get email addresses. Using a bot, cybercriminals search the internet for emails with "@" symbols. Harvesters can gather thousands of names and emails in seconds.

📚 Related: How To Protect Yourself From Hackers (2024 Guide) →

Does a Scammer Have Your Email Address? Here’s What To Do

1. Update your online passwords and security questions for your email, banking, social networking accounts, and more. Also, enable two-factor authentication (2FA) on all of your accounts.
2. Report phishing scams to your email provider or the company the scammer is impersonating. Make sure you don’t open these emails; this can give fraudsters information about you — such as your IP address or operating system type.
3. Customize your email spam filters to block even more potential phishing emails. Here’s how to adjust spam filters on the most common email service providers — Gmail, Outlook, AOL, Yahoo!, and iCloud.
4. Request that data brokers remove your information (or let Aura do it for you).
5. Warn those on your contacts list that your email may be compromised. Tell them to contact you directly if they receive strange emails or text messages that impersonate you.
6. Protect your other accounts against hacking by using strong passwords. Be especially vigilant if you’re receiving password reset emails from other accounts that you don’t recognize.
7. Scan the Dark Web for your personal information. Update any compromised accounts with unique passwords.
8. Freeze your credit with all three major credit bureaus (Experian, TransUnion, and Equifax). This will stop scammers from opening new accounts or taking out loans in your name.
9. Stay safe by learning how to spot the warning signs of a phishing email.

📚 Related: Has Your Gmail Been Hacked? Here's How To Secure Your Account →

Can An Email Hack Lead to Identity Theft?

The good news is that you’re not immediately in danger of identity theft if scammers have your email address. But you're still far from being completely safe.

For example, criminals can send you phishing emails to get the passwords to your email, bank, or other online accounts. Any of these accounts can offer scammers access to all of the information they need to steal your identity, including:

• Invoices or receipts displaying your name, address, and phone number.
• Banking information, credit card numbers, and other details that could lead to financial fraud.
• Sensitive photos that you’ve exchanged with others.
• Personally identifiable information (PII), such as your Social Security number (SSN).
• Passport numbers or ID numbers.

📚 Related: How Hackers Get Your SSN (And How To Protect It) →

How To Protect Your Inbox

It’s become second nature to share our email addresses with people or businesses. But if your email address ends up in the wrong hands, you could easily become a victim of identity theft, account takeovers, or financial fraud.

Here are some ways to protect your inbox from bad actors: 

Be selective about whom you give your email address to

• Only give your email address to credible and legitimate organizations.
• Verify an unknown person's identity before giving them your email address. 
• Only give your personal email address to close friends and family. 
• Don’t write your email address on a paper email sign-up list. 
• Make sure any websites to which you provide your email address are secure and reliable.

📚 Related: How To Spot a Bank Impersonation Scam (Texts, Emails, and Phone Calls) →

Use a different (and private) email account for family and sensitive accounts

• Create a separate email account to use with friends and sensitive accounts, such as for government benefits. 
• Make a throwaway account to use for shopping sites and newsletters.

Update your email passwords so that they are unique, complex, and secure

• Get a password manager, and download its browser plug-in to ensure that you have easy access to all of your passwords.
• Make a list of your most important online accounts and prioritize which to change passwords on first. For example, your bank account login would be a top priority. 
• Change every password to a strong 16-character password using a combination of numbers, symbols, and both uppercase and lowercase letters.

📚 Related: How To Stop Spam Texts from Email Addresses →

Enable 2FA on all your accounts

• Make a list of all your online accounts and learn which ones offer 2FA or multi-factor authentication. You can use the 2FA Directory to find out which websites and services utilize this important layer of account authentication to help keep users safe.
• Get the Google Authenticator app or a similar tool. An authenticator app is more secure (than SMS) for 2FA as scammers can take over your phone number using a scam called SIM swapping.

Never click on links or download attachments

• Get an email client that filters spam and alerts you if it suspects spam. 
• Do not open potentially dangerous emails. Delete them immediately. 
• Report scam emails to the FTC. 

📚 Related: How To Quickly Identify Phishing Emails (13 Warning Signs) →

Consider signing up for an all-in-one digital security service

With Aura, you get:

• Financial fraud protection. Aura monitors your credit and bank accounts in near-real time and alerts you of fraud 250x faster than the competition. 
• Instant credit lock. Lock and unlock your Experian credit file with one click from your desktop or mobile app.
• Identity theft protection. Aura can alert you if an online account has been compromised, will monitor your SSN for signs of fraud, and can even reduce the amount of spam calls and emails that you receive. 
• Device and Wi-Fi protection for all your devices. Keep your computer, phone, and home network safe from hackers with powerful antivirus software and a military-grade Virtual Private Network (VPN). 
• Family identity theft monitoring for up to five people including children and adults. 
• $1,000,000 in insurance coverage for eligible losses due to identity theft. If the worst happens, Aura will be there to help you through the needed steps to secure your identity and get back on your feet. 

Your email address is the key to your digital life. Keep it safe and secure — and be cautious of any suspicious emails you receive.

If you accidentally gave out your email address, Aura can help you set up credit monitoring and scan the web for misuse. Aura’s security software can also block phishing and scam sites, helping you browse privately.

Sign up for identity theft, credit protection with Aura. Start your free 14-day trial today →