Skip to main content

This is how your email gets into the wrong hands

When your email address falls into the wrong hands, you could be in for some trouble. Kurt "CyberGuy" Knutsson explains how spammers get your address.

When your email address falls into the wrong hands, not only is it inconvenient, but the consequences can be long-lasting. 

At best, you can get bombarded with annoying spam emails

At worst, it can trap you in a scheme to glean valuable data that can be used against you. 

Despite following best practices, it is now easier than ever to have your email address exposed to malicious parties. 

CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK VIDEO TIPS, TECH REVIEWS AND EASY HOW-TO’S TO MAKE YOU SMARTER 

9 ways your email can be exposed to spammers 

Are you worried about your email security? Here are nine ways spammers can get your email address: 

1. Data breaches lead to spam surge  

Every day, it seems like another company announces a data breach. The data that hackers have gleaned from these breaches can seriously damage you, including but not limited to identity or financial theft. 

2. Spammers collect email addresses from websites via email harvesting 

Spammers can buy or trade lists of email addresses from other spammers. They can use special software known as "harvesting bots" or "harvesters," which use online resources to obtain emails from publicly available data on websites or in online directories, forums, social media platforms and other public online spaces. 

3. Dictionary attacks let spammers guess your email and password 

Spammers use a program that guesses email addresses by combining common names. They then send emails to these guessed email addresses. When the email doesn’t bounce back, they know that an email account is real. 

AI GIVES BIRTH TO AI: SCIENTISTS SAY MACHINE INTELLIGENCE NOW CAPABLE OF REPLICATING WITHOUT HUMANS

4. You use CC instead of BCC when sending emails to a group  

Unfortunately, when someone uses CC (carbon copy) instead of BCC (blind carbon copy) to send out an email, you can see everyone’s email address, and they can see yours. That email has the potential to be forwarded over and over again, which exposes your email to a potentially exponential amount of people. Not to mention, if one of these people’s email accounts gets hacked, then your email is exposed to those hackers, too. 

5. Companies or individuals can leak or sell your email address 

Every time you give a company or person your email address, these parties can leak or sell your email address. This can expose your email address to spammers, hackers, or identity thieves who can use it for malicious purposes. 

MORE: PASSKEYS VS. PASSWORD MANAGERS: WHY YOU SHOULDN'T DITCH YOUR PASSWORD MANAGER JUST YET 

6. Spammers can trick you into giving them your email address through phishing 

Becoming more and more common, phishing occurs when spammers pretend to be companies, financial institutions or governmental agencies. Under this guise, they trick the recipient into providing an email address and other personal information and validate whether an email account is active. They trap otherwise savvy individuals by evoking a sense of urgency. Sometimes it will be a fake invoice for an astronomical amount, which can prompt even the most grounded individual to click on links, respond or provide personal information in an effort to correct the fake situation. 

7. You use your personal email address for sweepstakes and giveaways 

While it is tempting to win a big prize, it is best to use an alias email address if you can’t resist entering a sweepstakes or giveaway. Even if it is a legitimate giveaway or sweepstakes, they can sell your email address and other information you provide. Your information can be purchased by spammers, who can then spam or scam you. If you must enter and use your personal email address, then double-check the privacy policy to see how your information will be used. If no privacy policy information is available, it’s best not to sign up. 

MORE: HOW FACEBOOK SECRETLY COLLECTS YOUR INFORMATION EVEN IF YOU HAVEN'T SIGNED UP 

 8. Social media can expose your email to spammers 

While social media sites can be fun and a great way to stay connected with friends and family, they can also pose a great risk to you. It isn’t always easy to regulate how much or to whom your personal information, such as your email address, is being exposed. In some cases, it is simply available to the greater public. Spammers love to skim information off these social media sites to cobble together enough information to use or sell. 

MORE: TOP IDENTITY THEFT SCAMS TO AVOID 

9. Email retargeting can expose your email to spammers 

Spammers use email retargeting companies, which harvest information when you visit certain websites. Data that can be harvested can include your email address, what you put into your shopping cart and links you clicked, as well as any additional actions you took while on a specific site. This information can be used to send you targeted emails or pop-ups. 

MORE: ARE YOUR PASSWORDS SAFE? 

Top 8 ways to protect your email 

Not using an email address in this day and age is incredibly difficult. Below, however, are eight ways that you can create a more safe and secure way to navigate your online world: 

1. Create alias email addresses. An alias email address is an additional email address that can be used to receive emails in the same mailbox as the primary email address. It acts as a forwarding address, directing emails to the primary email address. An email alias address is a great way for you to stop receiving constant spam mail by simply deleting the email alias address. See my review of best secure and private email services here 

2. Use a password manager to consistently use complex passwords that you can change frequently. 

3. Avoid opening attachments or clicking on links from emails unless you are sure they are from a trusted source. Scammers or hackers can easily change the name of the sender to make it look like it came from a legitimate organization such as UPS or an individual. But if you click the email header, you will see the actual email address of the sender, which in our example is not from UPS. 

By pretending to be a reputable organization, the crooks send urgent messages to make you click on links, reply or provide personal information in an attempt to fix a problem or claim a reward. In this example, the fake email asks to "confirm your shipping address." If you click on a malicious link, then a scammer may be able to access your email and other personal data. 

HEAVILY REDACTED RECORDS SHOW FBI'S TARGETING OF CATHOLICS WENT BEYOND WHAT IT CLAIMED: WATCHDOG

4. Have good antivirus software on all your devices: The best way to protect yourself from having your data breached is to have antivirus protection installed on all your devices. Having good antivirus software actively running on your devices will alert you of any malware in your system, warn you against clicking on any malicious links in phishing emails and ultimately protect you from being hacked.

Malicious links are often disguised as legitimate ones, but they can download malware onto your device without your knowledge. Malware is a type of software that can damage your device, steal your personal information or give hackers access to your data. Hackers can then use your data for various purposes, such as identity theft, fraud or blackmail. This is why it is important to have antivirus software that can detect and remove malware before it causes any harm.

Get my picks for the best 2023 antivirus protection winners for your Windows, Mac, Android & iOS devices

5. Go directly to the official site where you have any accounts, such as your financial institution, to check whether any changes or charges were made, instead of clicking links in the email you received or responding to the email. This way, you can avoid falling for phishing scams and keep your account secure. 

6. Limit the number of accounts or profiles you create with your personal email account. 

7. Regularly scrub your information on the internet. You don’t want spammers to take your email and add it to their lists, do you? That would result in annoying and potentially dangerous messages flooding your inbox. To prevent that, you need to make sure your personal information is not exposed on the internet. While no service promises to remove all of your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. 

See my tips and best picks for removing yourself from the internet here  

8. Use a VPN service to keep more of your information private. A VPN can protect against hackers snooping on your device and intercepting your email messages when you use public Wi-Fi networks. VPNs will also protect you from those who want to track and identify your potential location and the websites that you visit, and send you targeted phishing emails that try to trick you into revealing your personal or financial information. By using a VPN, you can access your email accounts securely and freely from anywhere in the world, even if they are blocked or censored by some governments or organizations. A VPN is a powerful tool that can help you protect your email from various threats. 

See my expert review of the best VPNs for browsing the web privately on your Windows, Mac Android & iOS devices. 

I've been scammed! What to do next? 

If a scammer gets hold of your email address, they can use it to access your other accounts, send phishing emails to trick you into revealing your passwords or personal details, or even impersonate you to commit fraud or other crimes. This is why it is important to protect your email address from falling into the wrong hands and to act quickly if you suspect that it has been compromised. Below are some next steps if you find that you or a loved one have been a victim of identity theft. 

1. If you can regain control of your accounts, change your passwords and inform the account provider. 

2. Look through bank statements and checking account transactions to see where outlier activity started. 

3. Use identity theft protection services to manage your personal information on and offline. Identity theft protection companies can monitor personal information like your home title, social security number (SSN), phone number, and email address and alert you if it is being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. See my tips and best picks on how to protect yourself from identity theft. 

4. Report any breaches to official government agencies like the Federal Communications Commission. 

5. You may wish to get the professional advice of a lawyer before speaking to law enforcement, especially when you are dealing with criminal identity theft, and if being a victim of criminal identity theft leaves you unable to secure employment or housing. 

6. Alert all three major credit bureaus, and possibly place a fraud alert on your credit report. 

7. Run your own background check or request a copy of one if that is how you discovered that your information has been used by a criminal. 

If you are a victim of identity theft, the most important thing to do is to take immediate action to mitigate the damage and prevent further harm. 

Kurt’s key takeaways 

There are so many ways your information can be used against you online. Being mindful of where and how often you use your email address online can go a long way in protecting your identity. 

What is the strangest or most alarming email you’ve received? How did you respond? Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips & security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question, or let us know what stories you'd like us to cover 

Answers to the most asked CyberGuy questions: 

What is the best way to protect your Mac, Windows, iPhone and Android devices from getting hacked? 

What is the best way to stay private, secure and anonymous while browsing the web? 

How can I get rid of robocalls with apps and data removal services? 

CyberGuy Best Holiday Gift Guide 

Last-minute gifts for the holidays 

Best holiday laptop deals 

Best gifts for women 2023 

Best gifts for men 2023 

22 best gifts for kids 

Best gifts for pets 

Copyright 2023 CyberGuy.com. All rights reserved. 

Stock Quote API & Stock News API supplied by www.cloudquote.io
Quotes delayed at least 20 minutes.
By accessing this page, you agree to the following
Privacy Policy and Terms and Conditions.