If a scammer knows your email address, you should be extra-vigilant about phishing, and secure all your accounts with strong passwords and Multi-Factor Authentication (MFA). If you suspect a scammer has gained access to your email account, you should take steps with your email provider to secure your account and let all your contacts know you have been hacked.
Read on to learn more details about what a scammer can do with your email address and how to protect your account.
Can a Scammer Do Anything With My Email Address?
Yes, a scammer can do virtually anything with your email address. Here are a few of the things scammers can do when they know your email address or have access to your account.
Scammers can send you phishing emails
Once scammers have your email address, they can send you phishing emails in an attempt to get credentials for other important accounts. Phishing is when a cybercriminal sends a message pretending to be someone else in order to obtain confidential information. For example, they may pretend to be your bank or PayPal, and request your account credentials.
Phishing has become more sophisticated, especially with the increased use of artificial intelligence, which facilitates better spelling and design, as well as more customized messaging. This type of attack can also occur over SMS, where it is called smishing. If a message seems off, verify the communication by contacting the company it’s alleged to be coming from directly, using the official contact information listed on their website.
Scammers can attempt to hack your online accounts
If their phishing attempt is successful, a scammer can log into your online accounts with the stolen credentials. Getting into sensitive accounts will provide the scammer with a lot of other key information about you, allowing them to steal your money and identity.
If their phishing attempt is not successful and you don’t hand over your credentials, they may still try to gain access to your accounts via other methods. Since they have your login email, they may attempt to get your password either through brute force or dictionary attacks. They may also try to guess the password with the information they found by following your digital footprint – trying out passwords that include the names of your loved ones, your birthday or home address. Luckily, if you have a strong password, these attempts are much less likely to work.
Scammers may try to steal your identity
If a scammer gains access to your email account, they could have access to sensitive information that enables them to steal your identity. They will know what bank and credit card company you use because you receive emails from them, or they could find your social security number hidden in a tax form within your emails.
Some scammers will work on getting information from an individual victim for months. With a combination of data found on the dark web from data breaches and what they can find by hacking into your accounts, these bad actors can garner enough information to steal your identity.
Scammers may try to scam your friends
If your email account is compromised, scammers can reach out to your contacts, posing as you. They may attempt to get sensitive information from friends, family and colleagues in order to compromise their accounts or steal their identity. If you suspect your email has been compromised, it’s important to warn your friends so they know those messages aren’t from you.
Steps to Take if a Scammer Has Your Email Address
Whether you think a scammer only knows your email address, or you think they have actually gained access to your account, there are steps you can take to protect your account and yourself from further damage.
What to do if a scammer only knows your email address
If a scammer only knows your email address but doesn’t have access to your email account, you must be extra vigilant about phishing. It’s likely that scammers will target your email address in an attempt to gain access to your email account or other key accounts.
You should also double-check that all your accounts have Multi-Factor Authentication (MFA) enabled and strong, unique passwords that are at least 16 characters long. Your other accounts could be targeted with brute force attacks, in which a cybercriminal attempts to guess your password by trying common character combinations. MFA will prevent them from getting into your account, even if they guess the password, because they will be asked for a second form of authentication which only you have access to.
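The two points above (guesses built from your digital footprint, and the 16-character minimum) can be checked mechanically. The following is an added example, not code from this article or from any password manager; the profile data, field names and function names are constructed for illustration.

```javascript
// Added example: flag candidate passwords that are short or built from personal facts.
// The profile is constructed sample data; its field names are assumptions.
const profile = {
  names: ["Jordan", "Riley", "Biscuit"], // own name, partner, pet
  birthday: "1990-04-17",                // YYYY-MM-DD
  address: "42 Maple Street",
};

// Common character substitutions that do not hide a word from a guesser.
const LEET = { "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s", "!": "i" };

function normalize(s) {
  return s.toLowerCase().replace(/[013457@$!]/g, (c) => LEET[c]);
}

function personalTokens(p) {
  // Words of four or more letters from names and address.
  const words = [...p.names, ...p.address.split(/\s+/)]
    .map((w) => w.toLowerCase())
    .filter((w) => /^[a-z]{4,}$/.test(w));
  // Birth year plus month/day in both orders.
  const [y, m, d] = p.birthday.split("-");
  return { words, digits: [y, m + d, d + m] };
}

function checkPassword(password, p) {
  const problems = [];
  if (password.length < 16) problems.push("shorter than 16 characters");
  const { words, digits } = personalTokens(p);
  const folded = normalize(password);
  for (const w of words) {
    if (folded.includes(w)) problems.push(`contains "${w}"`);
  }
  const rawDigits = password.replace(/\D/g, "");
  for (const n of digits) {
    if (rawDigits.includes(n)) problems.push(`contains date ${n}`);
  }
  return problems; // empty array means no problem found by these checks
}

// Constructed candidates.
for (const pw of ["Biscuit1990!", "M4ple$treet-R1ley-2024", "velvet-canyon-orbit-lantern"]) {
  console.log(pw, "->", checkPassword(pw, profile));
}
```

An empty result only means the password passed these two checks; it says nothing about whether the password is reused elsewhere.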
What to do if a scammer has gained access to your account
If you can no longer get into your email account, you will have to go through account recovery steps with your email provider.
If you can still log in to your account, you will need to change your password and log out on all other devices to lock out the scammer. Then you should activate Multi-Factor Authentication (MFA) to prevent the scammer from getting in again.
Since the scammer has already been in your account, it’s likely they’ve already completed some damaging actions. Run antivirus or anti-malware software to make sure that nothing has been installed on your device. Review account activity to see what the scammer did while having access to your account. To secure all accounts connected to your email, replace your passwords with new ones that follow cybersecurity best practices. A password manager can help you securely store all your passwords so you can use complex passwords without forgetting them.
How to Tell if a Scammer Has Your Email Address
Signs that a scammer knows or has hacked your email address include:
1. You notice an influx of phishing emails in your inbox
If scammers know your email address, they may try to get other credentials by sending you phishing emails. These emails will pretend to be from a legitimate entity, such as your bank, and ask you to hand over your login credentials.
These scams often claim that you have won a prize or that someone is trying to send a payment, and you just have to share your credentials in order to receive the money. Other scams may ask you to log into your account and send you to a spoofed login page where your credentials will be stolen when you enter them. A password manager will prevent this type of attack by only allowing you to use your login credentials on the legitimate website they’re associated with.
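The check described above, binding a saved login to the website it belongs to, comes down to an exact comparison of the page's origin. This is an added example, not code from this article or from any specific password manager; the entry shape, function names and every host shown are constructed for illustration.

```javascript
// Added example: the origin check applied before a saved login is filled in.
// Entry shape, function names and all hosts below are constructed.
const savedLogin = { origin: "https://login.mybank.example", username: "alice" };

function mayAutofill(saved, pageUrl) {
  let page, bound;
  try {
    page = new URL(pageUrl); // the URL parser decides what the host really is
    bound = new URL(saved.origin);
  } catch {
    return { fill: false, reason: "unparseable URL" };
  }
  if (page.protocol !== "https:") {
    return { fill: false, reason: "not HTTPS" };
  }
  // Exact origin comparison (scheme + host + port). A human reads
  // "looks similar"; this check does not.
  if (page.origin !== bound.origin) {
    return { fill: false, reason: `origin ${page.origin} is not ${bound.origin}` };
  }
  return { fill: true, reason: "origin matches saved entry" };
}

// Constructed pages a user might land on after clicking a link in an email.
const pages = [
  "https://login.mybank.example/signin",                     // the real site
  "https://LOGIN.MYBANK.EXAMPLE/signin?next=/home",          // same site, different case
  "http://login.mybank.example/signin",                      // no TLS
  "https://login.rnybank.example/signin",                    // lookalike spelling
  "https://login.mybank.example.account-verify.test/signin", // real name as a subdomain
  "https://login.mybank.example@account-verify.test/signin", // real name before an "@"
];

function autofillDecisions(urls) {
  return urls.map((u) => mayAutofill(savedLogin, u).fill);
}

for (const u of pages) {
  const { fill, reason } = mayAutofill(savedLogin, u);
  console.log(fill ? "FILL " : "BLOCK", u, "-", reason);
}
```

A password manager that stays silent on a page where you expected it to offer your login is therefore a warning sign in itself.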
2. Your email address is found on the dark web
Dark web monitoring will help you discover if your email address has been leaked on the dark web. If it is available, then scammers will be able to purchase or find your email and target you with attacks.
3. You get an MFA request when you haven’t tried to log into your account
If you get an email or SMS text message with an MFA code that you haven’t requested, someone is probably trying to log into your account. Make sure your password is secure and keep MFA enabled. If someone keeps trying to target you, you may want to change your email entirely and delete any information from your old account.
4. You are having trouble logging in
If your normal credentials aren’t allowing you to log in and the “forgot password” protocol isn’t working either, then it’s possible a cybercriminal has gained access to your account and locked you out. Your email provider likely has a protocol for proving your identity and regaining control of your email account. Don’t wait – contact them right away to get help.
Picture this: your friend reaches out, responding to an email that you don’t recognize but was supposedly sent from your account. Cybercriminals often use access to an email to target the contacts of a user. It’s a lot easier to convince someone to click an unexpected link if it comes from a trusted friend or colleague.
You should check your sent folder in order to see if there are any emails you didn’t send yourself and let your contacts know your email was hacked so they don’t fall victim to the scammer. Then, change your password using cybersecurity best practices to lock the scammer out of your account. Enabling MFA also helps secure your account further.
6. Other personal accounts have been hacked
Often, cybercriminals will gain access to your email as a first step to gaining access to other accounts, such as your bank. Using the “forgot password” protocol, which usually sends a login link to your email, the cybercriminals will reset your passwords and take over your accounts. Since the scammer may be using your email to gain access to other accounts, you should change your email account password as well as the passwords for any hacked accounts.
Protect Your Email Account From Scammers
Scammers can do more damage than you think with just an email. This can be the first step to targeting you with a variety of attacks, including phishing and brute force, in order to gain access to sensitive accounts and even steal your identity. Protect your email and your other accounts by using strong, unique passwords for each. Start your 30-day free trial of Keeper Password Manager today to protect your online accounts and prevent becoming a victim of a cybercrime.