What to do if a scammer has your email address: 9 smart moves

Just because a scammer has your email doesn’t mean you’ve been hacked. But you’re not out of the woods quite yet. If they can match it with other personal data, a scammer knowing your email could lead to bigger problems.

Why? Your email address is a key detail that scammers need to commit identity theft. While they’ll need other information as well, knowing your email increases their chances of success down the line.

Read on to learn what to do if a scammer has your email address.

1. Ignore phishing emails

If your email is leaked and exposed to scammers, you may notice an uptick in spam and suspicious emails. Do not open them. These are often attempts to trick you into providing your personal information or financial details — a process known as phishing.

If you receive a phishing email, delete it immediately and avoid opening it or clicking any links within. Even just clicking the link can provide the scammer with device data such as your IP address and location.

Here are some signs of phishing emails to help you identify a scammer:

• Generic greetings: Phrases like “Dear Customer,” instead of your name.
• Poor grammar and spelling: Grammar mistakes and misspelled domains or company names.
• Urgent messaging: Claims like “your account will be deleted in 24 hours” intended to cause panic.
• Requests for personal information: Prompts to provide your personally identifiable information like your bank account details or Social Security number (SSN).

2. Change your passwords ASAP

If your email has been leaked, other sensitive information — like your passwords — may have gotten out as well. While you don’t need to change your passwords every time you get a spam message, a sudden uptick in spam or phishing attempts should be a red flag. In such cases, immediately update your passwords for all your online accounts, including your email, bank account, and social media accounts.

Make sure to create a strong, unique password for each account, and consider using a password manager to help keep track of each one.

3. Set up two-factor authentication (2FA)

In addition to updating your passwords, be sure to enable 2FA on all of your accounts.

When 2FA is enabled, logging in requires two forms of identification: your password and an additional method of identification, like an SMS code, an email code, or a phone call. This extra layer of security ensures that even if a fraudster gains access to your login credentials, they won’t be able to complete the secondary authentication and access your account.

4. Update your spam filters

Adjust your email spam filters if phishing messages are frequently ending up in your main inbox. Here’s how to help common email providers identify unwanted messages:

• Gmail: Mark unwanted emails as spam to help Gmail recognize and filter similar messages more effectively.
• Outlook: Navigate to Home > Delete group > Junk > Junk E-mail Options. Then, choose the level of protection you want.
• Yahoo Mail: Mark the email as spam to teach the system that messages from a specific sender are unwanted.

5. Remove your personal information from the internet

If the phishing emails you’re getting are eerily detailed, containing your name or other personal information, you can remove your personal information from the internet, including your email. Here’s where to start:

• Data brokers: Data brokers or people-search sites collect personal information, such as your email address, and sell it or make it available for free. To remove your information, visit common public people-search websites and opt out, or join LifeLock Standard to scan these sites for your data and help you opt out.
• Google Search: You can request the removal of your email address and other personal information from Google Search. To do this, search your name and identify any search results containing your email address. Then, click the three black dots next to the result and click “Remove result.”
• Social media: Remove your email from your profile or adjust privacy settings to keep it hidden from the public on social media platforms like LinkedIn and Facebook.

6. Check your device for malware

If a scammer has your email address, check your device for malware. Conduct a malware scan to identify and remove any malicious software. If you don’t already have antivirus software installed on your device, download it from a reputable provider to protect yourself from future threats.

7. Safeguard your credit

If a scammer has your email address, take proactive steps to protect your credit, as they could attempt financial fraud if they gain access to your account. Closely monitor your financial accounts for unexpected transactions and double-check your online banking security settings.

In extreme cases, when a scammer has hacked into your email or you fear your identity may have been stolen, consider freezing your credit with all three credit bureaus to prevent scammers from opening credit in your name. To place a credit freeze, navigate to each credit bureau’s website and follow the instructions.

8. Scan the dark web

Conduct a dark web scan to check if your email has been compromised. If your email is found on the dark web, immediately change your passwords, enable 2FA, and update your security questions. Do the same for any other compromised accounts.

9. Warn your contacts

If things are really bad, and a scammer has hacked into your email account, you’ll need to warn your contacts.

Scammers may attempt to impersonate you to trick your friends, family members, and professional connections. Scammers know people are more likely to click a link if they received it from someone they trust. Request that your contacts reach out to you directly if they receive any suspicious emails that appear to be from you.

What can scammers do with your email address?

Although it may not seem like a big deal, a scammer knowing your email address can lead to serious consequences. Here’s a list of a few things scammers can do if they know your email address, or worse, have access to your email account:

If a scammer knows your email, they may:

• Send phishing emails to attempt to get your login credentials.
• Attempt to hack your other accounts using account takeover attacks (ATO).

If a scammer gains access to your email account, they may:

• Impersonate you to scam your contacts, tricking your friends and family into giving away their sensitive information.
• Steal your identity by using your email address alongside other sensitive data to piece together your identity.

Can someone hack your email with just your email address?

While someone can’t hack into your email with just your email address, they can use it as a starting point to launch other attacks.

For example, a hacker may send a phishing email pretending to be your bank to trick you into revealing your password. Additionally, if your personal information was compromised in a data breach, scammers may use credential stuffing — automatically trying stolen login credentials across multiple sites — to access your email. This is especially risky if you’ve reused passwords across multiple accounts.

Can someone steal your identity with only your email address?

No. Someone typically can’t steal your identity with only your email address. However, hackers can use your email to access sensitive data through tactics like phishing scams. If they gather enough personal information, they could use it to steal your identity.

To prevent identity theft, it’s essential that you make it as difficult as possible for bad actors to access your personal information, including your email.

How to tell if your email has been hacked

Watch out for the following signs that your email has been hacked:

• You can’t log in with your password, and the “forgot password” feature isn’t allowing you to reset it.
• You receive random 2FA codes when you haven’t tried logging into your account.
• Your family and friends report receiving emails you didn’t send, often requesting sensitive data or prompting them to click suspicious links.
• You notice emails in your sent folder that you don’t recognize or remember sending.

Safeguard your identity with LifeLock Standard

Your email address falling into the wrong hands can be stressful, as fraudsters are constantly on the prowl for personal information they can use to commit identity theft. But there’s no reason to live in fear if you take steps to protect yourself.

With LifeLock, you’ll get comprehensive identity theft protection, including dark web monitoring. We’ll scan the murkiest corners of the dark net and alert you if your email is found so you can take action to help protect your personal information. And if your identity is compromised, our U.S.-based restoration specialists will help restore it.

FAQs

Is it safe to give out your email address?

Giving out your email address to people you don’t know and trust can be risky, as it can increase your risk of being targeted by online threats. Even reputable organizations can experience data leaks, potentially leaving your email and other data exposed.

How do I remove my email from a scammer list?

While there’s no way to remove your email from a scammer list, marking unwanted emails as spam can help prevent phishing emails from reaching you.

Should I delete my email if it was hacked?

Rather than deleting your email if it was hacked, you should attempt to regain control of the account, change your password, and upgrade your security settings. Most email providers offer account recovery options if a hacker has changed your login information.