How Scammers Get Your Private Email Address (And What You Can Do About It)
By Patrick W. Dunne – a freelance writer for Digital Privacy News. You can follow him on LinkedIn or read his blog.
Have you ever received a strange email and wondered how it got into your inbox?
You’re not alone. Spammers send over 14.5 billion spam emails a day – a total of 45% of all emails sent. You’ve likely opened emails that contain content like:
- A work-from-home drop-shipping job offer
- Lottery winnings or money promised from a Nigerian prince
- People claiming they know your private information and demand Bitcoin as ransom
- A notification that your bank, PayPal, or social media has been “hacked” demanding login or “confirmation” of your account details
Unfortunately, the internet is full of people who will do anything to make a quick buck. Hackers and spammers all over the world want your private information and will make ruthless attempts to get it.
You don’t have to go to the dark corners of the internet to encounter shady people – instead, they come straight to your inbox.
Where do scammers find your email address?
Nobody provides their email to a website and expects it to end up in the hands of a scammer. Yet it’s not uncommon for someone to find their inbox full of unsolicited spam email. So how do people get your private email address?
Purchased email lists
Scammers know that nobody would ever willingly give their private email address, so they find other solutions. That’s when they turn to purchased email lists which already contain millions of email addresses.
Fortunately, most people who buy lists and send spam emails get caught very quickly. Service providers such as Hubspot and Mailchimp are serious about their users sending permission-based emails and penalize users who use purchased lists. Any email campaign that receives too many complaints or spam reports can get booted off these email services. Plus, many email lists have spam traps (also called honeypots) – private email addresses that help identify scammers.
Spammers can quickly get private emails by using a tactic called email harvesting. The cybercriminal will instruct a bot to scour the internet and find any email address using the “@” symbol. Harvesters can easily gather thousands of names in seconds. As an example, a job posting might read, “Send your resume to firstname.lastname@example.org.” The bot recognizes that email format and adds it to a list.
Scammers target all kinds of companies. Marriott, LinkedIn, Adobe, and Facebook are just a few well-known victims of cyber crime that hackers infiltrated in the past few years.
Hackers will use any information they can get – credit card numbers, email addresses, login credentials, and more. Frequently, they’ll send spam to the stolen email addresses or sell those addresses to other spammers.
Many scammers will set up fake websites such as sweepstakes to collect people’s private information. Users often think they’re signing up for a legitimate site, only to find their inbox full of spam email the next day. Be mindful of giving your email address on a public site.
Luckily, most advanced internet browsers will warn you of a dangerous website. You should also check the URL to make sure that the site is the correct one: Many scammers impersonate websites like PayPal and Google to trick people into entering private information. Make sure the browser uses HTTPS and not HTTP, as the former uses encryption. Check the padlock icon in the top left corner of the URL to check if the company’s website is verified. Lastly, instead of providing your mail email address, use a disposable email alias like those available in StartMail.
What will scammers do with your email address?
Once a scammer gets your email address, they’ll use it to benefit themselves in any way possible.
Many will send you spam email, with the hope of collecting private information such as credit card numbers. They’ll try and trick you into thinking you’ve won something, or that they have a great item for sale. Hackers might even use your email to impersonate you and message your contacts.
Other scammers will use your personal information to try to access your other accounts. Most people re-use the same passwords for different accounts, meaning hackers who have access to one account can easily infiltrate others.
Lastly, hackers can sell your data to other spammers. Your private email addresses and passwords are a hot commodity among scammers. Compromised information often ends up on the dark web or nefarious message boards.
What can I do to deter scammers?
Unfortunately, scammers are nearly everywhere on the internet. These criminals make a living from stealing your private information and using it for personal gain. They want your passwords, bank accounts, and credit card information.
Luckily, you can fight them. The easiest way to spot a scammer is to look for anything out of the ordinary: an email from someone you’ve never contacted, incorrect spelling, an unusual email address, unrealistic offers, and links to shady websites.
Many scammers will use fake names to fool readers into thinking they’re somebody else. For example, an email might say it’s from Jeff Bezos, but have an email address like email@example.com. Be sure to mark suspicious emails as spam. Your email provider will block the address and report it to the spammer’s mailing platform.
Finally, you can use StartMail to help protect your private information from scammers. One of StartMail’s most notable features is its unlimited disposable email addresses. You can use these email addresses in place of your regular one to protect it from scammers. If it ever gets stolen, you can delete it and keep your original email address. We strongly believe that digital privacy is a fundamental human right. We strive to safeguard you against online threats to your data and your privacy.
StartMail also uses state-of-the-art techniques such as encryption and secure storage to keep spammers away from your inbox. You can try it out for yourself with a 7-day free trial.