Help! A Scammer Has My Email Address – What Do I Do Now?

You open your inbox, and one weird email stands out like a sore thumb. Maybe the subject line is off, or it looks like it’s from your bank, but the address is spelled incorrectly. 

Suddenly, it hits you: a scammer has snagged your email. Don’t panic just yet – there’s stuff you can do to shut them down!

Types of Scam

How Scammers Can Mess With You

Okay, having your email out there isn’t fun, but generally speaking, it’s not that big of a deal. Your spam folder might fill up or you might have to sift through extra emails. It’s a hassle that no one wants, but for most scam emails, all you really have to do is delete them. 

However, sometimes they can be convincing enough that you click on the link or download the attachment, making your computer vulnerable to attacks. Now what?

If you have fallen prey to a scam email, what you need to do next will depend on what the scammers and hackers are doing with it. Let’s take a look at the kind of trouble they might try:

Phishing Scams

They craft emails that look deceptively real, mimicking the design and language of companies you trust (banks, retailers, social media, etc.). These emails often contain urgent requests or tempting offers designed to make you click a link or download a file. 

Once you do, though, you’re handing over sensitive information (such as your bank login), or unknowingly installing malware on your device.

One common example of this involves Google Docs, in which the bad actor pretends to be a company or person you trust, and sends a link to a Google Doc which, once opened, gives that person access to your computer or information.

Blackmail Attempts

These scammers send intimidating emails claiming to have compromising information about you – passwords from past data breaches, or even fabricated claims that they’ve hacked your webcam. 

Their goal is to scare you into paying them off to prevent them from “releasing” this information. It’s important to remember that these are often empty threats designed to exploit your fear (one key giveaway is that they often request the payment be made in Bitcoin, or some other type of cryptocurrency).

Spread Malware

Scammers hide viruses, spyware, or other malicious software inside seemingly harmless attachments like PDFs, Word documents, or even images.

If you download and open the file, your device can become infected. This malware can let scammers steal your personal information, monitor your online activity, track your keystrokes, or even take control of your computer. This type of attack has been around for decades. In fact, one of the most famous cases happened back in 2007. 

Sign You Up for Junk

Scammers often collect vast lists of email addresses to sell to shady advertisers or spammers. The result? 

A flood of unwanted emails clogging up your inbox, from annoying offers to potentially dangerous scams. It becomes harder to separate real correspondence from the junk. At the very least, you end up spending far too much time deleting the junk and scams. 

Impersonating You

This one is a little scary, but thankfully, it only happens in a small number of cases. Sometimes an attacker has more than just your email address: he or she can actually access your email contact list. 

This means those people already have a list of your friends, family, and colleagues. They can easily whip up a fake social media profile with your name and photos (sometimes even stolen from your real accounts), or craft emails that look like they’re coming from your address. Then, the trap is set. 

They might reach out to these folks with urgent pleas for money – a supposed medical emergency, being stranded abroad, that kind of thing. Your loved ones, thinking they’re helping you, get tricked into sending cash or revealing personal information that the scammer can then exploit further.

Identity Theft

This is the scariest one, but it’s also the least likely to happen. While it is certainly possible to gather enough information to steal your identity, it takes a large amount of work, and there are usually far easier ways to do it. 

Still, it is possible, so we want you to be aware that with your email, they might find things like your address, phone number, sometimes even snippets of your Social Security Number. 

If they gain enough of these pieces, they could start opening new credit cards, taking out loans, or even filing false tax returns in your name. This stuff doesn’t just hurt your wallet – it can destroy your credit score and take months or even years to untangle.

Time for Action!

Suspect a scammer snagged your email? First, don’t panic. Like we said in the beginning, if all you’re getting is junk mail, then it doesn’t really matter – just delete it. However, if you suspect that an attacker has successfully gained access (can log in, or has downloaded a virus to your computer), then you need to do a few things.

  1. New password: Change that password ASAP! Make it a doozy – long, with letters, numbers and symbols. Cybersecurity professionals recommend at least 12 characters (and don’t use the same password on every site!).
  2. Run a virus scan: Using a trusted anti-malware program is something you should be doing regularly. In this case, once you’ve changed your passwords, run a full system scan. The best software will remove or quarantine anything it finds, leaving you with very little work to do. 
  3. Check those connections: Think about everything linked to your email – bank accounts, social media, shopping sites. Change passwords there too, especially if they shared your old email password.
  4. Two-factor is your friend: Basically, it’s an extra security check, usually a code sent to your phone. This makes it way harder for scammers to break in.

Prevention is the Best Medicine

Obviously, avoiding the scams and attacks is your best option, so let’s look at how to do that. Think of this as building a digital fortress (in the cybersecurity world, this is known as defense in depth):

  • Weird email? Don’t be fooled: Get good at spotting red flags – funky addresses, typos, demands for urgent action. One handy trick to do before you even open the email is hover your mouse cursor over the sender. The sender’s real email address will pop up, so if you got an urgent email from your “bank,” but it was sent from criminal123@email.com, then you can be certain it’s a scam. And always remember: If in doubt, don’t click the link! Go straight to the company’s website. 
  • Ignore threats and wacky requests: Scammers want to make you act without thinking. They know that panic is the opposite of rational thought. Resist! Take a moment, calm down, and reread the email. Real companies won’t ask for passwords or cash over email.
  • Password manager for the win! This tool is your ace in the hole. It helps you make and store super-strong, unique passwords for every account you have.
  • Stay updated: Software updates often fix security holes. Keep your devices in tip-top shape to squash those nasty scammer tricks.
  • Scan regularly: Using a trusted antivirus software once a week can help detect small problems before they become huge problems. 

Extra Tips

  • Check for leaks: Sites like https://haveibeenpwned.com/ let you see if your email’s been caught in a data breach. Change passwords on those accounts fast!
  • Report the creeps: Help your fellow man by reporting scams to the FTC and those types of places. This helps law enforcement track down the bad guys.

Wrap Up

Yeah, it’s no good when a scammer gets their grubby hands on your email, but knowing what to do makes all the difference. Take those quick actions, beef up your security, and don’t let those creeps get a win.

To help you out, we’ve created this handy chart to remind of what to do and why:

StepActionWhy It’s Important
1. Change Passwords ImmediatelyGo through ANY account connected to your email. Change passwords on bank accounts, social media, shopping sites, etc. Use unique, complex passwords for each one.This helps prevent scammers from gaining further access if they’ve managed to snag your old password.
2. Contact Your Financial InstitutionsCall your bank and credit card companies. Explain the situation and ask them to monitor your accounts for suspicious activity.They may be able to freeze accounts, reverse fraudulent charges, and help you prevent further financial harm.
3. Report the ScamSites like the FTC, IC3, and your local authorities allow you to report scams.This helps track scammers and warn others, potentially protecting your friends and neighbors from the same scam.
4. Be Wary of Follow-Up ScamsSometimes, scammers target people who’ve already been scammed. Watch out for fake “recovery services” or threats claiming to have more of your info.These scummy tactics prey on victims who are already stressed. Don’t click on links or give out further info without verifying the source.

Remember: You’re not alone! Scams are unfortunately common, but reporting them and seeking advice can help you regain control and minimize the fallout.

Thomas Ward

Thomas Ward

Thomas Ward brings over a decade of cloud, infrastructure, and reliability engineering experience to the forefront of Spyrus’s mission. His time at leading tech innovators like Microsoft, Oracle, and MongoDB has shaped his deep understanding of how attackers exploit weaknesses in cloud systems and how to proactively defend them. Thomas witnessed the rapid shift to cloud environments alongside an explosion of cyber threats. He founded Spyrus out of a conviction to help businesses navigate this complex landscape. He leverages his expertise to build tailored, proactive cybersecurity solutions that protect clients’ sensitive assets and ensure their systems stay up and running – no matter what.