It may seem odd at first, but an email account is a goldmine for scammers. A hacker can do more than get their hands on your coveted chicken casserole recipe; they can cause damage to your identity and finances.

So, why do scammers want your email address? What can a scammer do with your email address and phone number? And what can you do if they crack your password?

 

What Can a Scammer Do With My Email Address?
Scammers typically get into an email account either via brute-force attacks or through a database leak. Once they’ve gained access, they can perform several actions with your email account.

 

1. They Can Impersonate You
It’s common knowledge that you shouldn’t trust an email from someone you don’t know. As such, those emails claiming you won $4 million in a lottery you never entered don’t trick people as easily anymore.

However, scammers are finding a way around this. While the tip makes us more critical of emails sent from a stranger, it also makes us more trusting of emails sent by people we know and love.

Scammers exploit this weakness by hacking an email account, then using that account to contact the victim’s friends and family. If the scammer is good at impersonating people, they can trick the victim’s contacts into believing they’re talking to the victim.

From this point, the scammer can ask the victim’s contacts to do whatever they please. They may claim that they’re in some financial trouble and ask the friends to transfer some money to the hacker. They could send a link to a malicious program and claim it’s a video of the friend doing something embarrassing.

As such, you should exercise caution, even if it’s supposedly your good friend emailing you. If in doubt, try to contact them over the phone or via another method like social media to see if their request is legitimate.

 

2. They Can Crack the Passwords on Your Other Accounts
If you sign up to a website with sub-par security practices, it will email you a confirmation containing your username and password. All this will be in plain view for anyone who gains access to your email.

Most websites don’t or can’t disclose the password in the sign-up email for this reason (although some sites that store passwords as plain text do). These emails are, however, likely to mention your username, which a hacker can use to gain access to that account.

For example, if you use the same password for your email account and for everything else, the hacker already has the password they need to access your other accounts. If you don’t, the hacker can still request a password reset from each site. The website sends a reset email to your account, which the hacker can then use to change the password to whatever they like.
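To see how much of this is sitting in your own inbox, you can audit it for sign-up emails that spell out account details. The following is an added example, not part of the original article: it parses raw messages with Python's standard `email` module and flags those that show a password or a username. The sample messages, the matching patterns and the function names are all constructed assumptions.

```python
import email
import re
from email import policy

# Constructed sample messages (not real mail), standing in for a mailbox export.
SAMPLE_MESSAGES = [
    "From: welcome@shop.example\nSubject: Welcome to Shop\n\n"
    "Your username: casserole_fan\nYour password: Hunter2!x\n",
    "From: noreply@forum.example\nSubject: Confirm your registration\n\n"
    "Thanks for signing up. Username: casserole_fan\n",
    "From: friend@mail.example\nSubject: Dinner on Friday?\n\n"
    "Bring the chicken casserole recipe.\n",
]

# Heuristic patterns (assumptions): a label followed by a value.
PASSWORD_RE = re.compile(r"\bpass(?:word|code)\s*(?:is|:|=)\s*\S+", re.I)
USERNAME_RE = re.compile(r"\b(?:user\s?name|login|user id)\s*(?:is|:|=)\s*\S+", re.I)

ADVICE = {
    "plaintext-password": "delete the message and change that site's password",
    "username-only": "make sure that site has a unique password and 2FA",
}

def body_text(msg):
    """Return the message's text body, preferring text/plain over HTML."""
    part = msg.get_body(preferencelist=("plain", "html"))
    return part.get_content() if part else ""

def classify(raw):
    """Label one raw message; the matched secret itself is never returned."""
    msg = email.message_from_string(raw, policy=policy.default)
    text = body_text(msg)
    if PASSWORD_RE.search(text):
        finding = "plaintext-password"
    elif USERNAME_RE.search(text):
        finding = "username-only"
    else:
        return None
    return {"from": str(msg["From"]), "subject": str(msg["Subject"]),
            "finding": finding, "advice": ADVICE[finding]}

def audit(raw_messages):
    """Return findings for every message that exposes account details."""
    return [hit for hit in map(classify, raw_messages) if hit]

if __name__ == "__main__":
    for hit in audit(SAMPLE_MESSAGES):
        print(f'{hit["finding"]:<20} {hit["subject"]}  ->  {hit["advice"]}')
```

The patterns are deliberately loose, so treat each hit as a message to review rather than a confirmed leak.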

 

3. They Can Use It to Crack Email-Based Two-Factor Authentication (2FA)
Sometimes, a hacker will have the password to someone else’s account but will be stopped by an email-based two-factor authentication (2FA) system. Hackers can get through 2FA systems by getting hold of wherever the authentication codes are displayed.

Should a hacker gain access to your email account, they can get through any email-based 2FA measures you have set up.

Some websites email you when they detect an unusual login pattern. This email will ask you if the login attempt was genuine, and will usually give you a button to confirm the login attempt. Hackers can subvert this security measure if they have access to your email account by approving their own login attempt when the email comes in.

 

4. They Can Collect Sensitive Information
If the hacker gets access to a work email account, it could be devastating for the company. Any sensitive financial details, company login information, or passwords to physical locks are all visible to the hacker. This information allows them to commit digital or physical theft against the business.

Personal accounts may also have sensitive information hiding within their inboxes. Any banking correspondence may give away details that a scammer can use to break into your bank account.

 

5. They Can Steal Your Identity
If your account doesn’t contain sensitive business information, a hacker can instead settle for stealing your identity.

A hacker can harvest a lot of information from your emails. Invoices have your name and address in plain view, and the scammer can collect any photos you may have sent. If the hacker gets enough information, they can use the data to steal your identity and apply for services under your name.

Keep every source of personal information you have on the internet safe from prying eyes. It’s worth learning about the pieces of information used to steal your identity so you know what you can share, and what to hide.

 

6. They Can Learn When You’re Out
If a hacker finds transport tickets or booking details for a hotel in your email, they’ll know you’re out of the house during those days. Combine this with your address harvested from an invoice, and a scammer knows when and where to burgle your home.

It’s essential to keep your travel plans and locations secret, or else you run the risk of attracting burglars to your property. Even tickets to an event can indicate what times you’re away.

There are many ways burglars can tell when you’re on vacation, so keep things quiet while you’re away. Don’t worry; you can always upload those beach snapshots and selfies when you get back home!

 

What to Do If a Scammer Has Your Email Address
If a scammer has your email account, you should try to change the password immediately. If the hacker hasn’t considered changing it, you’ll have some time to set a different, stronger password and force the hacker out.

Unfortunately, hackers will likely change the password to lock you out. In this case, you’ll need to go through your email provider’s support page to unlock it again. They typically ask for past login information and may require proof of identity to give your account back.

Once you’ve changed your password to something stronger, try adding a 2FA security measure to your account. Even if a hacker gets your password again, they also need to have the 2FA token on hand, which is easier said than done.

 

Protecting Yourself From Scammers
You may not be worried about a hacker gaining access to your email account, but think about all the information a stranger can get by reading your mail. Compromised email accounts are potential goldmines for scammers, so it’s worth keeping yours secure with a robust password.

Now that you know how to protect your account, it’s time to learn how to spot a fake email. After all, if you’re wise to the scammer’s techniques to fool you into believing they’re someone else, it massively reduces the chance that you’ll fall for their trap.



Simon Batt, “6 Ways Your Email Address Can Be Exploited by Scammers,” msn.com, August 12, 2023