Here’s What Hackers Can Do with Just Your Email Address
Once hackers know your email address, they can access more information about you. Here are some of the things they can do—and how to stay safe.
Hackers have your email address—now what?
Common sense says that you should always protect sensitive information from cybercriminals. That means guarding your credit card details, bank account information, and social security number against hackers who could use them for nefarious schemes. You probably already know that, but what you may be less clear on is where contact info like your cell phone number and email come in. After all, what can someone do with your email address?
A lot, it turns out. Your email address contains enough information about you for hackers to cause serious damage to your personal life and finances. Here’s exactly what someone can do with your email address—and how you can keep your information safe, according to experts. For more cybersecurity tips, learn how to tell if your computer has been hacked, how to delete texts immediately, what smishing is, and why you should be worried about spyware stealing your data.
Is it safe to give your email address out?
It would be impossible to keep your email address completely secret, according to Tonia Dudley, a strategic advisor at cybersecurity firm Cofense. “There are so many things we do today that require us to [share our email addresses],” she says. We communicate with our friends and family, create accounts for social media and online retailers, and make digital transactions, among a host of other things.
That said, you should be selective about where and to whom you give your email address, experts say. Freely sharing your email can cause it to fall into the wrong hands, and you might end up being flooded with annoying marketing emails—or becoming a victim of a hacker, who can use it to carry out a wide range of harmful activities.
Why would a scammer want your email address?
These days, our email inboxes contain a jackpot of information about us that scammers can use. “Most consumers have one email account they use for everything: emailing their doctor, receiving alerts from their financial institution, or possibly [conducting] large financial transactions, such as buying or selling a home,” Dudley says. Hackers can use your email address to send phishing email attacks and acquire valuable information—including your log-in credentials and financial info—that allows them to commit other crimes, like identity theft.
What happens when a scammer gets your email address?
Once a hacker knows your email address, your personal and financial information—as well as that of your friends, family, and other contacts—could be at risk. Below, experts share the scoop on exactly what someone can do with your email address and how to stop them.
Send phishing emails
Hackers who know your email address will likely target you with scam and phishing emails, according to Alex Hamerstone, director of advisory solutions at cybersecurity firm TrustedSec. For example, they may “try to convince you to take action, whether that action is to give them money, access to your accounts, or personal information that they can use to steal your identity,” he says. They can also send you emails impersonating someone else or a company to try to sell you goods or services that don’t exist, which is known as phishing.
Scammers can use phishing emails to access your email account too. “When a hacker knows your email address, they have half of your confidential information. All they need now is the password,” warns Greg Kelley of digital forensics company Vestige Digital Investigations. To learn the password to your email address, scammers might send emails designed to trick you into sharing the account information or logging on to a fake website, where the scammers can steal your log-in credentials. To block phishing emails, experts recommend downloading an anti-phishing browser extension or security apps that protect against phishing attacks.
Spoof your email address
In addition to sending scam emails to your account, attackers can spoof your email address to scam other people too. Here’s how they do it: First, they create a forged sender address that looks like yours, making small and tough-to-spot changes, like adding a period or swapping a number with a letter. Then they use the email address to send “spoof” messages containing harmful malware or requests for money, according to Garry Brownrigg, founder and CEO of the security-focused content-management system QuickSilk. Because the email address looks legitimate, email spoofing allows scammers to bypass the spam filters on most email accounts.
Find personal information
The things someone can do with your email address can have dangerous, real-world consequences, such as stalking, according to Allan Buxton, director of forensics at digital forensics company Secure Forensics. “At a minimum, a search on Facebook can get a public name and, unless privacy protections are in place, the names of friends and possibly pictures,” he says. “Throw that email address into LinkedIn, and they’ll know where you work, who your colleagues are, your responsibilities, plus everywhere you worked or went to school previously.”
Although stalking is rare, you can keep your online presence to a minimum by never posting these things on social media and, when all else fails, learning how to disappear completely from the Internet.
Send emails to your contacts
Let’s say an attacker’s phishing email works, and scammers are able to learn the password to your email. Things just got even more serious.
What can someone do with your email address and password? For starters, they can log in to your account and use it to send email blasts to anyone (maybe even everyone!) in your contacts list. Like the phishing emails sent to your account, these emails aim to get around online security measures and could contain spyware, requests for money or access to online accounts, or advertisements for fake goods or services.
Phishing might seem harmless at first, but experts say it could wreak havoc on your personal or professional life. “If a criminal really wanted to hurt someone, they could use this as a way to catfish a romantic partner, hack the victim’s employer, get the person in trouble at work, or cause any number of problems,” says Jason Glassberg, cofounder of Casaba Security and former cybersecurity executive at Ernst and Young and Lehman Brothers.
Access your online accounts
Logging in to your email account with your password also allows hackers to learn the passwords to all of the online accounts that use your email address as the username. To learn the password to any account, all they have to do is click the “forgot password” button and change the password using the email sent to your address. That’s why setting up two-factor authentication for your online accounts is so important, according to Hamerstone. “If users are using multifactor authentication, scammers would need a way around that as well,” he says.
Steal financial information
Your financial information is just a hop, skip, and jump from your email address: If hackers know your email address, they can phish for your password, and with your password, they can target your online bank accounts, especially if you have connected them to the email address that was hacked. “This is one of the biggest risks you’ll face from an email hack,” Glassberg says. “Once [hackers] have the email [and password], it’s easy to reset the bank account and begin issuing transactions.”
Aside from harming your finances, this can hurt your credit score if your credit card is attached to your hacked bank account. “Cybercriminals can use your credit card details, open bank accounts in your name, and take out loans. It will likely ruin your credit card’s rating, and your credit report will take a hit,” says Justin Lavelle, chief communications officer at BeenVerified, a public records search company.
Speaking of your precious (and private) financial information: It’s a good idea to invest in an RFID wallet that can block your credit cards from skimmers looking to steal your information.
Another scary thing that might surprise you about what someone can do with your email address and password: “[Hackers] can use this access to spy on you and review your most personal emails,” says Daniel Smith, head of security research at cybersecurity company Radware.
If hackers log in to your email account and find personal information in your inbox—the sort you wouldn’t want to share publicly—they could use it to threaten, blackmail, or even dox you. For example, your inbox could contain emails from a secret lover, which could ruin your reputation and personal life if they were released. In an equally concerning scenario, hackers can find documents with your address and phone number, which are often used in doxxing attacks, like sending the police to your home.
Caroline Purser/Getty Images
Steal your identity
Here’s a bit of good news: “Identity theft is challenging with just an email address,” Hamerstone says. The risk increases, however, when scammers have your password as well.
If they’re able to log in to your email account and dig through your inbox, it’s possible for them to learn enough about you to steal your identity. Your email could contain materials like bank documents or employment records, which contain several pieces of information—like your social security number and credit card number—needed to commit identity theft.
How you can stay safe from hackers
What can someone do with your email address? A lot of damage. That’s why it’s so important to keep your email address from falling into the wrong hands. Hamerstone recommends giving out your main email address as infrequently as possible. Instead, set up several free email accounts that you can share with online retailers or other less-trusted sources, he says.
Dudley also suggests using a strong, unique password for your email account (store them in a password manager, if you’re worried about forgetting them) and avoiding any of the passwords on this easy-to-guess passwords list. For maximum security, change that password every couple of months and secure your email account with two-factor authentication, she says.
What to do if you think you’ve been hacked
Starting to notice some strange activity on your email account? It’s possible you’ve been hacked. There are a couple of ways you can try to minimize the damage. The minute friends or family members mention receiving spam emails from your address, change your password. If you can’t log in to your email account because the hacker has changed the password, tell your contacts that you’ve been hacked so they know to mark that email address as “spam” and ignore anything coming from it. From there, create a new email account and share it with friends and family.
Work quickly to prevent hackers from using the info in your email to steal your identity. Dudley recommends freezing your credit through your credit bureau’s self-service portal and keeping an eye out for signs of identity theft. Then get serious about security and take steps to get rid of malicious software. “Change your email settings to the highest privacy setting, scan your computer for malware and viruses, and be sure your browsers are updated,” Lavelle says.
Now that you know what someone can do with your email address, stay ahead of privacy issues by learning the red flags that someone is spying on your iPhone.
- Tonia Dudley, a strategic advisor at Cofense
- Alex Hamerstone, director of advisory solutions at TrustedSec
- Greg Kelley, chief technology officer of Vestige Digital Investigations
- Garry Brownrigg, founder and CEO of QuickSilk
- Jason Glassberg, cofounder of Casaba Security and former cybersecurity executive at Lehman Brothers and Ernst and Young
- Allan Buxton, director of forensics at Secure Forensics
- Justin Lavelle, chief communications office at BeenVerified
- Daniel Smith, head of security research at Radware