In this article:
Identity theft and fraud protection for your finances, personal info, and devices.
Did You Accidentally Give Your Email Address To Scammers?
If you have an email account, it’s almost guaranteed that you’re going to receive spam and scam emails. In 2023 alone, 45.6% of all email traffic was marked as spam [*].
But spam and scam emails are more than just annoyances. If scammers have your email address, it can potentially put you at risk of hacking, fraud, and even identity theft.
The Cybersecurity & Infrastructure Security Agency (CISA) estimates that [*]:
“90% of all successful cyberattacks start with a simple phishing email.”
Protecting your inbox from spam is one of the best personal security measures you can take.
In this guide, we’ll explain the risks of scammers having your email address, what you can do to protect yourself, and how to secure your online accounts against hackers.
What Can Scammers Do With Your Email Address?
Email addresses aren’t as sensitive as other pieces of personal information — such as your phone number, Social Security number (SSN), or credit card numbers — but if your email address gets into the wrong hands, it can still put you at serious risk.
Because we use our email addresses to sign up for most online services, they’re among the most common pieces of data that get leaked in data breaches. For example, during the recent AT&T data breach, email addresses from over 73 million customers may have been leaked to the Dark Web [*].
This also means that scammers can use your email address to collect other leaked personal information about you from different sources — building a fuller picture of who you are and how to target you.
Once scammers have your email address and associated information, they can:
- Target you with sophisticated phishing emails. Your email address can be used to track down personal information like your phone number, where you bank, what online services you use, and even your home and work address. Fraudsters use this information to target you with more convincing social engineering attacks.
- Hack into your online accounts. Hackers know that many people use the same email address across multiple online accounts. Once they know your email address (and password), they can use credential stuffing attacks to try and access your social media, banking, and other sensitive accounts.
- Impersonate you and try to scam friends and family. Scammers can spoof your email address to trick your friends and family members into thinking that an email is coming from you so that they will be more inclined to click on links or disclose sensitive information about themselves. For example, scammers may create a look-alike email address that replaces a lowercase L with an uppercase I.
- Attempt to steal your identity. If your email address leads scammers to enough of your other personal information, they could even take over your identity, drain your financial accounts, or obtain new loans in your name.
While it’s much worse if your email account has actually been hacked, even a compromised email address can make you vulnerable to dangerous spam and scam emails.
What To Do If a Scammer Has Your Email Address
- Recognize and ignore phishing emails
- Secure your email and other online accounts
- Update your account recovery options
- Report phishing scams to the FTC and any impacted companies
- Update your email spam filters
- Freeze your credit with all three major bureaus
- Find and remove your email address online
Scammers are only getting better at circumventing spam filters, which is why it’s so important to know what you can do to safeguard your inbox and your online accounts.
Here are seven ways to protect yourself if scammers have your email address:
1. Recognize and ignore phishing emails
Phishing emails are generally harmless — unless you click on links, respond, or engage with them in any way. In almost all cases, it’s best to ignore these messages and report them as spam.
How to tell if an email is a phishing scam:
- The subject line creates a sense of urgency. Watch out for any unexpected emails that create a sense of urgency or stress — for example, ”Your account will be closed for security reasons in 24 hours,” or “You have a pending payment from PayPal that needs review.”
- Spoofed “From” names. Scammers frequently manipulate their email “From” names to look like the names of legitimate companies or organizations. Always click on the sender’s name to reveal the actual email address, and confirm that the email is coming from the company’s official domain.
- Deceptive links. Fraudsters use malicious links that lead to phishing sites or download malware or spyware on your device when clicked. Never blindly trust a link based on the visible text — make sure to hover over any links before clicking on them in order to reveal their true URLs.
📚 Related: What Happens If You Open a Phishing Email? →
2. Secure your email and other online accounts
You should assume that if cybercriminals get hold of your email address, they’re going to try to hack your account. If they’re successful, there’s a good chance they’ll also try to get into your other online accounts — including your social media accounts, banking accounts, and more.
Start by making a list of any of your accounts that are associated with the compromised email address.
Then, do the following to secure your online accounts from scammers:
- Create unique passwords for every account. Avoid using the same passwords for multiple accounts, as this can make it easier for hackers to steal your identity. Instead, create a unique, strong password for each account — and store them all in a secure password manager like Identity Guard’s ID Vault.
- Enable two-factor authentication or multi-factor authentication (2FA or MFA). This will require an additional layer of authentication to verify that you are who you say you are. When possible, it’s better to use authenticator apps (rather than having 2FA codes sent via text messages or SMS) because hackers can take over your phone number by using SIM swapping.
- Use different email addresses for different purposes. Create a throwaway email address for newsletter subscriptions and shopping websites, and use a separate address for sensitive communications such as financial accounts, government benefits, and personal contacts including friends and family.
3. Update your account recovery options
Setting up account recovery options means that if a hacker does manage to get into your account, you should receive a suspicious activity alert. You’ll also have better options for trying to recover your account if you’ve been locked out.
How to update account recovery options with common email providers:
- Gmail. Log in to your Google account, and then click on Personal info in the left navigation panel. Under Contact info, you’ll be given the option to add a recovery phone number or email address.
- Outlook. Go to Microsoft Account Security, and then click on Update info. Select phone or email as the Add security info option.
- iCloud. In the Apple Settings app, click on your iCloud profile at the top of the screen. Click on Sign-In & Security and then set up an Account Recovery option.
📚 Related: Is Your Google Account Hacked? How To Tell & What To Do →
4. Report phishing scams to the FTC and impacted companies
Avoid interacting with potentially dangerous emails, as this can give scammers even more information about you — especially if you click on suspicious links or respond directly to the message.
Instead, report potential phishing attacks to your email provider, the company that’s being impersonated, and the Federal Trade Commission (FTC) at ReportFraud.ftc.gov.
5. Update your email spam filters
Adjusting your email spam filters can potentially block even more spam and phishing emails from landing in your inbox.
How to update spam filters with the most common email service providers:
- Gmail. When you receive unwanted and suspicious emails, mark them as spam. Over time, Gmail will start to automatically identify similar spam emails. If you’re an administrator using Google Workspace, you can set up customized spam filters by following the directions here.
- Outlook. Go to Home > Delete group > Junk > Junk E-mail folder. From there, select the level of spam filtering you want, or restrict to safe lists only.
- iCloud. On iPhones and iPads, click on Settings > Mail > Privacy Protection and turn on Protect Mail Activity. If you’re using a Mac, go to Mail > Settings > Privacy and select Protect Mail Activity.
📚 Related: What To Do If You’ve Been Phished →
6. Freeze your credit with all three major bureaus
If your email address has been compromised, this doesn’t necessarily mean your finances are in danger — but it’s often better to be safe than sorry.
If you don’t expect to apply for a mortgage, auto loan, or credit card in the near future, you can place a freeze on your credit files, which can prevent scammers from impersonating you and fraudulently obtaining credit in your name.
To request a freeze, you’ll need to contact each of the three credit bureaus individually (Experian, Equifax, and TransUnion).
How to freeze your credit with each bureau:
7. Find and remove your email address online
Ultimately, the best way to protect your email address is to keep it out of scammers’ hands in the first place. Limit who can view your email (and where you share it) as much as possible.
Where to check for your email address online:
- Social networking profiles. Archive or delete any posts that include your email address, and change your privacy settings to make your profile information (including your email) visible to only people you personally know.
- Data brokers. Data brokers collect and sell consumer data — including names, email addresses, and more. If you’re suddenly receiving a flood of spam, there’s a good chance your email address is listed with one of these brokers. Identity Guard’s data broker opt-out services can request removals of your email address and other personal information on your behalf.
- Google search results. Googling your name is one way to see if your email address is listed anywhere on the web. If so, you can submit a removal request form to prevent it from showing up in Google’s search results in the future.
Was Your Email Account Hacked?
If you’ve clicked on a link in a phishing email, there’s a chance that your email account may have been compromised.
Some other common warning signs of a hacked email account include problems logging in to your email account, finding strange messages in your “Sent” folder, receiving unexpected password reset emails, or learning that your email address appears in a Dark Web scan.
A hacked email account is much more dangerous than a compromised address, as it gives scammers access to your emails and any sensitive information inside — such as invoices, financial information, photos, and more.
If you suspect an email hack, here are some steps you can take to secure your account:
- Look for warning signs that your account is hacked. If your password has stopped working and you can’t reset it by using a recovery account, your email has most likely been hacked. In addition to finding strange emails in your “Sent” folder, other warning signs include people on your contacts list saying they’ve received weird messages from you, and discovering that your other online accounts have been hacked.
- Try to reset your password. This doesn’t always work, as hackers usually try to lock you out of your account as soon as they get in — but it’s worth trying. Try to access your account by using your password on a device where you’re already logged in. Change your email password to something unique, hard to guess, and one that you’ve never used before.
- Sign out of all devices. If you’re still able to access your email account, navigate to your account settings and “sign out of all devices.” This will kick out anyone who’s logged in to your account on other devices — including hackers.
- Update any other impacted accounts. It’s a good idea to update your passwords, security questions, and enable 2FA on any online accounts you have that are associated with your email address.
How To Protect Your Email Account From Scammers and Hackers
We all receive the occasional spam and scam emails — but an influx of messages or other signs indicating that your email account has been hacked need to be dealt with swiftly.
Along with protecting your email address, here are a few good cybersecurity habits that everyone should follow to defend against hackers and scammers:
- Use security software, including antivirus and a secure virtual private network (VPN), to keep your IP address private and prevent hackers from intercepting your Wi-Fi connection on public networks.
- Keep your operating system up to date to shield against malware attacks in phishing emails.
- Be selective about where you input your email address, and only give it to credible companies.
- Use a separate email address for sensitive accounts such as your bank and other financial accounts.
- Be cautious when it comes to clicking on links in email messages or downloading attachments.
- Use a Dark Web monitoring service like Identity Guard to scan the Dark Web and make sure your email hasn’t been compromised in a data breach.
- Report and delete any suspicious emails you receive. When in doubt, avoid interacting whatsoever.
Your email address is at the center of your entire digital life. But safeguarding it can be difficult — which is why you should consider an identity theft protection provider to keep you safe.
With Identity Guard, you get award-winning identity and credit protection, advanced digital security tools, 24/7 U.S.-based customer support, and up to $1 million in insurance coverage if you become the victim of identity theft or fraud.