6 Ways Your Email Address Can Be Exploited by Scammers

Simon Batt Updated 16-08-2019

It may seem odd at first, but an email account is a goldmine for scammers. A hacker can do more than get their hands on your coveted chicken casserole recipe; it can cause damage to your identity and finances.


So, why do scammers want your email account, and what can you do if they crack your password?

What Can a Scammer Do With My Email Address?

Scammers typically get into an email address either via brute force or through a database leak. Once they’re in, they can perform several actions with the email account.

1. They Can Impersonate You to Your Friends

It’s common knowledge that you should never trust an email that isn’t from someone you trust. As such, the old trick of emails claiming you won $4 million in a lottery you never entered doesn’t trick people as easily anymore.

This advice is a double-edged sword, however. While it makes us more critical of emails sent from a stranger, it also makes us more trusting of emails sent by people we know and love.

Scammers use this weakness by hacking the accounts of victims, then contacting their friends or family. If the scammer is good at impersonating people, they can trick the victim’s contacts into believing it’s them.

From this point, the scammer can ask the victim to do whatever they please. They may claim that they’re in some financial trouble, asking the friends to wire some money to the hacker. They could send a link to a malicious program and claim it’s a video of the friend doing something embarrassing.

As such, it’s a good idea to exercise caution, even if it’s supposedly your good friend sending you an email. If in doubt, try to contact them over the phone to see if their request is legitimate.

2. They Can Crack the Passwords on Your Other Accounts

A computer screen showing a login page
Image Credit: mishoo/DepositPhotos

If you sign up to a website with sub-par security practices, they’ll send you an email confirming your username and password when you sign up to them. All this will be in plain view for anyone who gained access to your email.

Most websites don’t disclose the password in the sign-up email for this reason. These emails are, however, likely to mention your username in the sign-up email, which a hacker can use to gain access to that account.

For example, if you use the same password on your email account for everything else, the hacker already has the password they need to access your other accounts.

If you don’t, the hacker can still request a password reset from each site. The website sends a reset email to your account, which the hacker can then use to change it to their whim.

3. They Can Use It to Crack Email-Based Two-Factor Authentication (2FA)

A user logging in using email 2FA
Image Credit:

Sometimes, a hacker will have the password to someone else’s account but will be stopped by an email-based 2FA system. Hackers can get through 2FA systems by getting hold of wherever the authentication codes are displayed. Should a hacker gain access to your email account, they can get through any email-based 2FA measures you have set up.

Some websites send you an email when they detect an unusual login pattern. This email will ask you if the login attempt was genuine, and will usually give you a button to confirm the login attempt. Hackers can subvert this security measure if they have your email address by allowing their login attempt when the email comes in.

4. They Can Collect Sensitive Information

If the hacker gets access to a work email account, it could be devastating for the company. Any sensitive financial details, company login information, or passwords to physical locks are all visible to the hacker. This information allows them to perform digital or physical theft on the business.

Personal accounts may also have sensitive information hiding within their inboxes. Any banking correspondence may give away details which a scammer can use to make purchases on your behalf.

5. They Can Steal Your Identity

If your account doesn’t contain sensitive business information, a hacker can instead settle for stealing your identity.

A hacker can harvest a lot of information from your emails. Invoices have your name and address in plain view, and the scammer can collect any photos you may have sent. If the hacker gets enough information, they can use the data to steal your identity and apply for services under your name.

Keep every source of personal information you have on the internet safe from prying eyes. It’s worth learning about the pieces of information used to steal your identity 10 Pieces of Information That Are Used to Steal Your Identity Identity theft can be costly. Here are the 10 pieces of information you need to protect so your identity isn't stolen. Read More so you know what you can share, and what to hide.

6. They Can Learn When You’re Out

If a hacker finds transport tickets or booking details for a hotel in your email, they’ll know you’re out of the house during those days. Combine this with your address harvested from an invoice, and a scammer knows when and where to burgle your home.

It’s essential to keep your travel plans and locations secret, else you run the risk of attracting burglars to your property. There are many ways burglars can tell when you’re on vacation 7 Ways Thieves Can Tell When You're on Vacation (And How to Protect Yourself) Vacations can leave your household security at risk. Thieves can spot when you're not at home. Here's how, along with a few ways to keep your belongings safe while away from home. Read More , so keep things quiet while you’re away. Don’t worry; you can always upload those beach snapshots and selfies when you get back home!

What to Do If a Scammer Has Your Email Address

If a scammer has your email account, you should try to change the password immediately. If the hacker hasn’t considered changing it, you’ll have some time to set a different, stronger password and lock the hacker out.

Unfortunately, hackers will sometimes change the password to lock you out. In this case, you’ll need to go through your email provider’s support page to unlock it again. They typically ask for past login information and may require proof of identity to give your account back.

Once you’ve changed your password to something stronger, try attaching a two-factor authentication (2FA) security measure to your account. Even if a hacker gets your password again, they need also to have the 2FA token on-hand, which is easier said than done.

If this interests you, be sure to learn how to secure your Gmail and Outlook accounts with 2FA How to Secure Your Accounts With 2FA: Gmail, Outlook, and More Can two-factor authentication help to secure your email and social networks? Here's what you need to know to get secure online. Read More .

Protecting Yourself From Scammers

You may not be worried about a hacker gaining access to your email account, but think about all the information a stranger can get by reading your mail. Compromised email accounts are potential goldmines for scammers, so it’s worth keeping yours secure with a robust password.

Now that you know how to protect your account, it’s time to learn how scammers create fake emails What Is Email Spoofing? How Scammers Forge Fake Emails It looks like your email account has been hacked, but those weird messages you didn't send are actually due to email spoofing. Read More . We’ve also looked at other forms of data breaches to be aware of What Is a Data Breach and How Can You Protect Yourself? A data breach can be devastating. Hackers target money and identity. How can you protect yourself from a data breach? Read More .

Explore more about: Email Tips, Online Security, Scams.

Whatsapp Pinterest

Enjoyed this article? Stay informed by joining our newsletter!

Enter your Email

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Corek2000
    August 29, 2019 at 8:43 pm

    You firstly say
    "Hackers can get through 2FA systems by getting hold of wherever the authentication codes are displayed. Should a hacker gain access to your email account, they can get through any email-based 2FA measures you have set up."
    Then you totally contradict yourself by saying
    "Once you’ve changed your password to something stronger, try attaching a two-factor authentication (2FA) security measure to your account. Even if a hacker gets your password again, they need also to have the 2FA token on-hand, which is easier said than done."
    Which does make the rest of the article extremely suspect, as you forgot to mention that the 2FA security should NOT be email based

  2. dragonmouth
    August 16, 2019 at 7:19 pm

    ""I want everyone use Linux the way I do.""
    How can I tell when a scammer has my email address?

    "Even if a hacker gets your password again, they need also to have the 2FA token on-hand, which is easier said than done."
    If that is true, then why do you say "3. They Can Use It to Crack Email-Based Two-Factor Authentication (2FA)"?

  3. Lin
    September 13, 2017 at 10:04 am

    Today I came across a stranger who visited me at work wanting to sell me making money opportunities on the side. I didn't think and gave me my ymail address.
    Then after work I suddenly remember that it could be dangerous so I googled and found your website. And then I deleted my ymail account. I hope it's not too late! I don't want my computer wiped out!

    Could you give me some advice urgently?

    Cheers Lin

  4. Betty Raymond
    March 17, 2017 at 11:32 pm

    I am a little concerned as I gave my email address to a total stranger on line,,can that person use this as to do something illegal
    Thank you

  5. Tom Howard
    February 10, 2017 at 4:26 pm

    very informative thank you

  6. Boniface
    August 7, 2016 at 3:20 pm

    I think the most is important thing is to follow simple instructions. Some people will be guided on this website but they just ignore.
    Well, I have been a hacking follower and i can tell that most people mess up over small things

    • Fani
      October 18, 2016 at 5:28 pm

      I antagonized a scam artist and regret it because I basically made the target on my back that much more satisfying :(

  7. ScamVictim220
    January 13, 2016 at 2:45 pm

    DO NOT USE SNAPCHAT! That's how I was exploited! Apparently, there are apps where you can send previously taken footage and send it as a snap AND the only thing the scammer has to do to save your photos is turn their device on airplane mode, open the snap, screenshot it and you'll NEVER know. Until they send it back to you of course!!

  8. adele hollings
    November 19, 2015 at 12:55 am

    Ive made this friend on Facebook danial Wilson USA and he kept asking for my email I only use it for email as ive got a different onefor fFacebook but the oneiI gave me is not used for any think but my email he kept saying he is in love with me and he works in emails in the USA I am Adele Hollings look at him on my profile I'm worried now as he as only got 4 friends and all of us are women

    • hotdoge3
      September 3, 2019 at 6:52 am

      do a lookup and you get, U.S. Air Force Memorial Site: Notable Deaths & Obituaries

      just go out on saturday night and good luck ):-

  9. CoolHappyGuy
    June 5, 2014 at 4:21 pm

    SnapChat is no guarantee that photos won't be retained. The recipient only needs to do a screen capture.

  10. Mark P
    June 4, 2014 at 6:37 pm

    Thank god for two step verification. Short of someone stealing my phone, Is there any way for people to hack into my Google authenticator to bypass my two step?

    • Bubba
      June 6, 2014 at 4:14 pm

      Yes, but not easily. If you lock and encrypt your phone, it is much more difficult. All non-trivial computer programs are flawed, therefore exploitable. Just make it much easier to go after other people.

  11. dragonmouth
    June 4, 2014 at 5:49 pm

    You have nobody to blame but yourself. Nobody twisted your arm to join every social network there is. Nobody held a gun to your head to integrate and interlock all your accounts. Nobody forced you to put all your data, trust and faith in the cloud. You definitely made things very convenient for yourself, but in doing so you also made it much more convenient for hackers and miscreants to attack and wipe you out. Convenience has a price - security and safety. Now the chickens are coming home to roost. How convenient is it to rebuild your digital life from scratch?