Have you ever been browsing a website and then later received an email from the company even though you had not provided your email address? Or maybe you added items to your cart on a shopping website but decided not to follow through with the purchase. Then you get a message asking whether you forgot to complete your purchase.
10 Ways Spammers Get Your Email Address
In this article, I’ll explain how spammers, scammers, and marketers get your email address, and I’ll lead you through steps you can take to prevent this from happening.
Email Retargeting
Spammers can get your email address if the website uses an email retargeting company. These companies harvest information about you when you visit certain websites: data such as your email address, items you may have added to your cart, links you clicked on and other actions you performed while on the site. They then use this information to target you with email messages and pop-up ads.
It’s a shady practice, but it is legal. And once they get hold of your email address, you’ll likely start getting spam and marketing email messages.
Email Harvesting
Spammers also use email harvesting software to collect email addresses from websites. They use harvesting bots, also known as just “harvesters,” to compile lists of email addresses.
Dictionary Attack
What’s called a “dictionary attack” can be used to guess email addresses and passwords. It’s normally done by a program that guesses email addresses by using variants of common names. Then the spammers will send emails to the guessed addresses. If the email doesn’t bounce back, they assume that the email account is valid and active.
Similarly, they use the dictionary attack to guess passwords. Many people select their own passwords instead of using a random password generator to create secure passwords, and many times the user chooses a common word or phrase as their password. This makes it much easier to guess. The hackers use a program that searches for words in the dictionary and variations of these words to try to find a user’s password. They can then use it to access the person’s accounts.
One thing you can do to prevent your inbox from being flooded with spam is to use a separate email address for anything you do online such as shopping, signing up for newsletters and any activity that requires you to register with an email address.
You can also use a secondary or disposable email address in these situations. Keep your personal email address as private as possible.
Brute Force Attack
Instead of using words from the dictionary, a “brute force attack” uses a program that automatically enters random letters, numbers, and symbols to try to hack into a user’s account.
The best way to prevent your password from being hacked is to use a random password generator to create a long password: at least eight characters including a combination of upper- and lowercase letters, numbers, and symbols.
Here are a few sites you can use to generate a password:
You should also use a password manager on your computer, tablet, and smartphone to store and manage your usernames, passwords and website information. I recommend LastPass and Bitwarden.
CC vs BCC Email
Another way spammers can obtain your email address is when someone uses Cc (carbon copy) instead of Bcc (blind carbon copy) when addressing an email message to a group of people. When you send a message and include all of the recipients in the Cc field, anyone who gets your message can view all the recipients’ email addresses.
The email can be forwarded again and again and expose your email address to many other people. Instead of using Cc, use Bcc when sending a message to a group. None of the others receiving the message will see the email addresses in the Bcc field.
Selling and Leaking
Companies can leak or sell email addresses. When you provide your email address to a company, whether in person on online, you are at their mercy as far as privacy is concerned. They can do what they want with your information. This is another good time to use a disposable or secondary email address.
Phishing
Spammers use phishing to harvest email addresses as well. There are many ways they do this. They may pose as banks, financial institutions, government agencies or companies you do business to trick you into providing your email address. They may also ask you to provide personal information.
Often, they try to get you to respond by creating a sense of urgency. Take the time to read the message carefully. Any email that makes you feel stress or pressure is almost always fake.
Giveaways and Sweepstakes
Avoid entering sweepstakes and giveaways. If you do enter, use a disposable or secondary email address. There are some companies that offer legitimate giveaways and sweepstakes, but often they use the information you provide when signing up to generate income by selling the email addresses. Scammers buy these lists and then target you with spam and unwanted email.
Read the privacy policy before registering. If there is no privacy policy or it does not specifically state that your information will be kept private and not shared with others, don’t sign up.
Social Media
Sites like Facebook, X (formerly Twitter), Instagram, TikTok, LinkedIn and others are convenient for connecting with people, but they can also be very dangerous. These sites allow you to share information with a large audience, but you should ask yourself: Just because you can share something, is it really a good idea to do so?
Scammers scan these sites and harvest information, and many people provide too much personal information. Limit what you share and adjust your privacy settings so that your accounts are as secure and as private as possible. Not only do scammers get your email address from social media sites, but they can also obtain a lot of other personal information that can lead to identity theft and even physical theft or harm. Be careful.
Data Breaches
Unfortunately, data breaches are becoming more and more common. Once hackers gain access to a company’s database, they can gather not only email addresses but all kinds of other information such as your name, home address, phone number, Social Security number, banking and other financial account numbers. Also potentially vulnerable is your health information, usernames, and passwords.
The data that the hackers gather can cause bigger problems than just gaining access to your email address. The information they harvest can be used for identity and financial theft and other malicious purposes. It isn’t easy to protect yourself in these situations.
Steps you can take to protect yourself from a data breach:
- Give companies as little information as possible.
- Shred documents before throwing them in the trash.
- Use secure websites.
- Disclose your Social Security number only when absolutely necessary.
- Don’t save your payment information on websites where you make a purchase or pay a bill.
- Keep your username and password private. Use a unique password for each site you visit, and change your password and security questions regularly.
- Use multifactor authentication when you have that option. Doing so allows access to a site only after you have provided two or more pieces of information.
- Never use a debit card for online purchases. Instead, use a credit card: they offer more protection and less liability than debit cards, and they’re not tied to your bank account. Most credit card companies offer protection if your card information is stolen. Consider getting a separate credit card strictly for online shopping.
- Watch for scams. If you receive a notification about a data breach, do not respond to an email or text. Instead, call the company directly at a number you know to be true to validate that it is legitimate.
- Freeze your credit with the three major credit bureaus. Equifax, TransUnion and Experian. Freezing your credit prevents a thief from opening an account in your name.
Final Thoughts
Always be on guard when it comes to email. Carefully read and consider each message before you respond. Stay alert online and don’t share personal information freely.
