This is how your email gets into the wrong hands

When your email address falls into the wrong hands, not only is it inconvenient but the consequences can be long-lasting. At best, you can get bombarded with annoying spam emails. At worst, it can trap you in a scheme to glean valuable data that can be used against you. Despite following best practices, it is now easier than ever to have your email address exposed to malicious parties.

9 ways your email can be exposed to spammers

Are you worried about your email security? Here are 9 ways spammers can get your email address.

1.  Data breaches lead to spam surge

Every day, it seems like another company announces a data breach. The data hackers have gleaned from these breaches can seriously damage you, including but not limited to identity or financial theft.

 

2. Spammers collect email addresses from websites via email harvesting

Spammers can buy or trade lists of email addresses from other spammers. They can use special software known as “harvesting bots” or “harvesters,” which use online resources to obtain emails from publicly available data on websites, in online directories, forums, social media platforms and other public online spaces.

 

3. Dictionary attacks let spammers guess your email and password

Spammers use a program that guesses email addresses by combining common names. They then send emails to these guessed email addresses. When the email doesn’t bounce back, they know that an email account is real.

 

4. You use CC instead of BCC when sending emails to a group

Unfortunately, when someone uses CC (carbon copy) instead of BCC (blind carbon copy) to send out an email, you can see everyone’s email address, and they can see yours. That email has the potential to be forwarded over and over again, which exposes your email to a potentially exponential amount of people. Not to mention, if one of these people’s email accounts gets hacked, then your email is exposed to those hackers, too.

 

5. Companies or individuals can leak or sell your email address

Every time you give a company or person your email address, these parties can leak or sell your email address. This can expose your email address to spammers, hackers, or identity thieves who can use it for malicious purposes.

 

MORE: PASSKEYS VS. PASSWORD MANAGERS: WHY YOU SHOULDN’T DITCH YOUR PASSWORD MANAGER JUST YET

 

6. Spammers can trick you into giving them your email address through phishing

Becoming more and more common, phishing is when spammers pretend to be companies, financial institutions or governmental agencies. Under this guise, they trick the recipient into providing an email address and other personal information and validate whether an email account is active. They trap otherwise savvy individuals by evoking a sense of urgency. Sometimes it will be a fake invoice for an astronomical amount, which can prompt even the most grounded individual to click on links, respond, or provide personal information in an effort to correct the fake situation.

 

7. You use your personal email address for sweepstakes and giveaways

While it is tempting to win a big prize, it is best to use an alias email address if you can’t resist entering a sweepstake or giveaway. Even if it is a legitimate giveaway or sweepstake, they can sell your email address and other information you provide. Your information can be purchased by spammers, who can then spam or scam you. If you must enter and use your personal email address then double-check the privacy policy to see how your information will be used. If no privacy policy information is available, it’s best not to sign up.

 

MORE: HOW FACEBOOK SECRETLY COLLECTS YOUR INFORMATION EVEN IF YOU HAVEN’T SIGNED UP

 

8. Social media can expose your email to spammers

While social media sites can be fun and a great way to stay connected with friends and family, they can also pose a great risk to you. It isn’t always easy to regulate how much or to whom your personal information, such as your email address, is being exposed. In some cases, it is simply available to the greater public. Spammers love to skim information off these social media sites to cobble together enough information to use or sell.

 

MORE: TOP IDENTITY THEFT SCAMS TO AVOID

9. Email retargeting can expose your email to spammers

Spammers use email retargeting companies, which harvest information when you visit certain websites. Data that can be harvested can include your email address, what you put into your shopping cart, links you clicked, as well as any additional actions you took while on a specific site. This information can be used to send you targeted emails or pop-ups.

 

MORE: AT&T’S SHOCKING DATA BREACH EXPOSES 9 MILLION WIRELESS ACCOUNTS

 

Top 8 ways to protect your email

Not using an email address in this day and age is incredibly difficult. Below, however, are 8 ways that you can create a more safe and secure way to navigate your online world:

1) Create alias email addresses. An alias email address is an additional email address that can be used to receive emails in the same mailbox as the primary email address. It acts as a forwarding address, directing emails to the primary email address. An email alias address is a great way for you to stop receiving constant spam mail by simply deleting the email alias address.  See my review of best secure and private email services here

My #1 pick for secure and private email is StartMail, which allows users to create unlimited, customized aliases.  You can get an Exclusive deal for CyberGuy readers: 50% off: $29.98 for first year ($2.50 per month, billed annually).  Includes a free 7-day trial.

Some of StartMail’s best perks include:

  • StartMail email address
  • 20 GB of email
  • Unlimited aliases
  • Access email on any device
  • Import your contacts easily
  • No ads, no tracking
  • Send encrypted emails to anyone

See my review of best secure and private email services here

Control spam – How to create a quick alias email address

 

2) Use a password manager to consistently use complex passwords that you can change frequently.

 

3) Avoid opening attachments or clicking on links from emails unless you are sure they are from a trusted source. Scammers or hackers can easily change the name of the sender to make it look like it came from a legitimate organization such as UPS or an individual.  But if you click the email header, you will see the actual email address of the sender, which in our example is not from UPS.

By pretending to be a reputable organization, the crooks send urgent messages to make you click on links, reply, or provide personal information in an attempt to fix a problem or claim a reward. In this example, the fake email asks to “confirm your shipping address.” If you click on a malicious link, then a scammer may be able to access your email and other personal data.

 

4) Have strong antivirus software on all your devices: The best way to protect yourself from having your data breached is to have antivirus protection installed on all your devices. Having good antivirus software actively running on your devices will alert you of any malware in your system, warn you against clicking on any malicious links in phishing emails, and ultimately protect you from being hacked. 

Malicious links are often disguised as legitimate ones, but they can download malware onto your device without your knowledge. Malware is a type of software that can damage your device, steal your personal information, or give hackers access to your data. Hackers can then use your data for various purposes, such as identity theft, fraud, or blackmail. This is why it is important to have antivirus software that can detect and remove malware before it causes any harm. 

Special Deal for CyberGuy Readers:  My #1 pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package.

Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices.

Best Antivirus Protection 2024

 

5) Go directly to the official site where you have any accounts, such as your financial institution, to check if any changes or charges were made instead of clicking links in the email you received or responding to the email. This way, you can avoid falling for phishing scams and keep your account secure.

 

6) Limit the number of accounts or profiles you create with your personal email account.

 

7) Regularly scrub your information on the internet. You don’t want spammers to take your email and add it to their lists, do you? That would result in annoying and potentially dangerous messages flooding your inbox. To prevent that, you need to make sure your personal information is not exposed on the internet. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time.

Special for CyberGuy Readers (60% off):  Incogni offers A 30-day money-back guarantee and then charges a special CyberGuy discount only through the links in this article of $5.99/month for one person (billed annually) or $13.19/month for your family (up to 4 people) on their annual plan and get a fully automated data removal service, including recurring removal from 190+ data brokers.  I recommend the family plan because it works out to only $4.12 per person per month for year-round coverage. It’s an excellent service, and I highly recommend at least trying it out to see what it’s all about.

Get Incogni here

Get Incogni for your family (up to 4 people) here

 

8) Use a VPN service to keep more of your information private. A VPN can protect against hackers snooping on your device and intercepting your email messages when you use public Wi-Fi networks. VPNs will also protect you from those who want to track and identify your potential location and the websites that you visit and send you targeted phishing emails that try to trick you into revealing your personal or financial information. By using a VPN, you can access your email accounts securely and freely from anywhere.

See my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android & iOS devices.

Best VPNs for browsing the web privately 2024

 

I’ve been scammed! What to do next?

If a scammer gets hold of your email address, they can use it to access your other accounts, send phishing emails to trick you into revealing your passwords or personal details, or even impersonate you to commit fraud or other crimes. This is why it is important to protect your email address from falling into the wrong hands and to act quickly if you suspect that it has been compromised. Below are some next steps if you find you or your loved one is a victim of identity theft.

1) If you can regain control of your accounts, change your passwords and inform the account provider.

2) Look through bank statements and checking account transactions to see where outlier activity started.

3) Use identity theft protection services to manage your personal information on and offline. Identity Theft protection companies can monitor personal information like your home title, Social Security Number (SSN), phone number, and email address and alert you if it is being used to open an account.  They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

One of the best parts of using Identity Guard includes identity theft insurance of up to 1 million dollars to cover losses and legal fees and a white glove fraud resolution team where a US-based case manager helps you recover any losses.

Special for CyberGuy Readers:  Save up to 66% with my top recommendation is Identity Guard.

See my tips and best picks on how to protect yourself from identity theft.

Best identity theft protection services 2024

4) Report any breaches to official government agencies like the Federal Communications Commission.

5) You may wish to get the professional advice of a lawyer before speaking to law enforcement, especially when you are dealing with criminal identity theft, and if being a victim of criminal identity theft leaves you unable to secure employment or housing

6) Alert all three major credit bureaus and possibly place a fraud alert on your credit report.

7) Run your own background check or request a copy of one if that is how you discovered your information has been used by a criminal.

If you are a victim of identity theft, the most important thing to do is to take immediate action to mitigate the damage and prevent further harm.

 

Kurt’s key takeaways

There are so many ways your information can be used against you online. Being mindful of where and how often you use your email address online can go a long way in protecting your identity online.

What is the strangest or most alarming email you’ve received? How did you respond? Let us know in the comments below.

TO GET MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER

 

 

Copyright 2024 CyberGuy.com.  All rights reserved.  CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.

Related posts

Understanding brushing scams and how to protect yourself

From TikTok to trouble: How your online data can be weaponized against you

Massive data breach at federal credit union exposes 240,000 members