How Scammers Get Your Email Address (& How To Stop The Spam)

Do you often receive strange emails from senders you don’t recognize? It may be a seemingly harmless promotional email, or it could be a suspicious message saying you’ve won the lottery.

And you wonder, how did they find your email address? Should you worry if a scammer has your email address?

You use your email for many things, so you’ll want to protect it and keep spam messages out of your inbox. Hackers can exploit even a minor vulnerability, access your email, and get information on your financial and social accounts.

We feel you. Part of protecting yourself against scammers is knowing what you’re up against and what you can do to prevent your email address from getting compromised.

Consulting various sources on the web with authority in cyber security, we’ve gathered the ways scammers get your email address. Read until the end and learn about the most common mistake people make with their email addresses, making them a likely target for scammers.

Where do scammers find your email address?

Your email is associated with your accounts, so it’s a gateway to your personal information that scammers can use to ruin your finances and identity.

Here are some ways they get a hold of your email address:

Purchased email lists

No matter how careful you are about giving your email address away, some businesses or websites that collect email addresses can sell your information.

Scammers use purchased email lists to send spam and phishing emails, waiting for anyone to fall victim to their tricks.

Email providers have ways to filter out spam, but there are still times when malicious messages get through.

Phishing email

Scammers can also harvest email addresses through phishing. They send messages or post links on the internet that look like legitimate communications from government agencies, businesses, banks, and other financial institutions. They trick you into providing your email address and other personal information.

These messages usually urge you to act or respond quickly. The sense of urgency that they create prevents you from thinking carefully because you’re pressured to do something.

Email harvesting bots

Scammers can harvest millions of email addresses on the web through bots that scan pages for the “@” symbol and the common email format. They can easily create a list containing thousands of email addresses.

Data breaches

Scammers can also get email addresses from data breaches. Hackers target businesses of all sizes, from small businesses to multimillion-dollar corporations, infiltrate their systems, and harvest their data, including the email addresses of their customers.

Hackers may sell the data on the dark web, and scammers will spam those stolen email addresses, waiting for their next victims.

Fake websites

Thieves can spoof official company websites, creating look-alike versions that consumers would hardly notice. It can be a matter of just one character, like using a 0 (zero) instead of the letter O or adding a period or dash.

These fake websites will prompt you to sign up for a newsletter or freebie using your email address. Since it’s not legitimate, what you might end up receiving is a phishing email or malware that can steal more personal information.
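The one-character tricks described above (a zero for the letter O, an added period or dash) can be checked mechanically. The following is an added example, not part of the original article; the trusted-domain list and the function names are assumptions made for illustration.

```javascript
// Added example: flag hostnames that imitate a trusted domain.
// TRUSTED holds constructed sample domains (assumption), not real brands.
const TRUSTED = ["example-bank.com", "shop.example.org"];

// Digits often swapped in for letters (small, non-exhaustive map).
const CONFUSABLE = { "0": "o", "1": "l", "3": "e", "5": "s" };

// Skeleton: lowercase, map look-alike digits to letters, and drop the
// periods and dashes an impostor may add or remove.
function skeleton(host) {
  return host
    .toLowerCase()
    .replace(/[0135]/g, (c) => CONFUSABLE[c])
    .replace(/[.-]/g, "");
}

// Levenshtein distance, to catch a single added, dropped or changed character.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Returns { verdict: "trusted" | "lookalike" | "unknown", target }.
function classifyHost(host) {
  const h = host.toLowerCase();
  if (TRUSTED.includes(h)) return { verdict: "trusted", target: h };
  for (const t of TRUSTED) {
    if (editDistance(skeleton(h), skeleton(t)) <= 1) {
      return { verdict: "lookalike", target: t };
    }
  }
  return { verdict: "unknown", target: null };
}
```

The map covers only a few ASCII digit swaps; look-alikes built from non-Latin characters need a fuller table of confusable characters.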

CC email

Your email address may also be exposed to scammers when you’re included in carbon copy (CC) emails. These are emails sent to a group of people, where every recipient can see the addresses in the CC line, and they may be forwarded repeatedly.

Social engineering posts

Social engineering refers to tactics that manipulate victims to give away sensitive information. It requires direct human interactions, where scammers play with your emotions and trick you into rash decisions.

Social media games, quizzes, and tests

Have you ever answered fun quizzes on Facebook or played games on social media?

As seemingly harmless as they are, scammers can use them to gather your personal information, including your email address.

That’s because when you play the games or answer the quizzes, you’re granting permission to collect information from your social media profile, including your contacts list and email address. Then, they can spam your email or sell it to third parties.

Online multiplayer games

Online multiplayer games are also good sources of email addresses that hackers can exploit. They can target video game systems and conduct data breaches to gather user information.

Openly available email addresses on social media

Do you like sharing about your life on social media? Unfortunately, social media platforms are public spaces that scammers love to take advantage of. They’re full of sensitive information thieves can use to steal identities or trick people into giving them money.

When you sign up for a social media account, you fill in personal information details, including your email address.

This is the most common mistake people make with their email addresses: they forget to set their email addresses to private and leave them openly available.

Thieves exploit this vulnerability and harvest not only your email address but also your other personal information.

Facebook, Instagram, LinkedIn, and Twitter are the top social media sources for phishers.

Brute force attack

Scammers may also figure out valid email addresses using brute force attacks. A brute force attack refers to the method of generating random email addresses using combinations of numbers, letters, and symbols.

Then, they spam them. If the emails don’t bounce, the addresses are probably active. It’s then just a matter of who will fall for their tricks.

Dictionary attack

Like a brute force attack, a dictionary attack guesses email addresses and passwords.

The difference is that a dictionary attack checks for common words (a “dictionary list”) that are most likely to be used.

That’s because many people use common words and phrases when creating their emails and passwords.

The hackers send emails to the guessed email addresses. Then, they guess the passwords of the emails that didn’t bounce to access the victims’ accounts.

Giveaways and sweepstakes

Have you ever been offered promo coupons at grocery stores? Or do you like joining online giveaways?

While some companies offer legitimate giveaways and sweepstakes, there are fake ones that exist only to collect names, addresses, contact numbers, and email addresses. They will sell the lists to spammers, who will then send unwanted messages.

How can you prevent and stop email scams?

Scams are everywhere, and spam emails can seem quite impossible to avoid. Your best protection is always yourself.

Here are a few things you can do to equip yourself and stop email scams:

Learn to spot the spam

You can prevent getting scammed via email when you know how to spot spam. Scammers won’t be able to get your information simply by sending you an email.

More often than not, you would have to click on a link or download an attachment for them to steal your information.

So, what are the signs that an email is spam?

  • The email address of the sender contains random letters and numbers.
  • There are obviously misspelled words (particularly brand names) and grammar errors.
  • The message contains offers that are too good to be true.
  • There are suspicious links that redirect you to ad pages.
  • The message has urgent due dates.

Other spam emails might not be so easy to spot, especially those that spoof legitimate emails from brands or financial institutions like banks. You just have to be extra careful when clicking links or downloading attachments, especially if you don’t know the sender.

Obfuscate or hide your email

When you publish your email address on a web page, you can make it unintelligible or scrambled using HTML or JavaScript. This makes it harder for harvesting bots to recognize it as a real email address.
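Two common ways to do this, and a check that the simple “@” pattern matching described under “Email harvesting bots” no longer finds the address in the page source. This is an added example, not part of the original article; the sample address, the markup, and the function names are assumptions.

```javascript
// Added example: publish an address without leaving a plain "user@domain"
// string in the page source. SAMPLE is a constructed address.
const SAMPLE = "jane.doe@example.com";

// The kind of pattern a simple harvesting bot relies on: text around an "@".
const NAIVE_PATTERN = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g;

// 1. HTML: write every character as a numeric entity. Browsers render the
//    normal address; the raw source holds only "&#106;&#97;..." sequences.
function toHtmlEntities(address) {
  return Array.from(address, (ch) => `&#${ch.codePointAt(0)};`).join("");
}

// 2. JavaScript: keep user and domain in separate data attributes and join
//    them only in the visitor's browser.
function toSplitMarkup(address) {
  const [user, domain] = address.split("@");
  return `<a class="contact" data-u="${user}" data-d="${domain}">Email me</a>`;
}

// Browser-side counterpart for option 2: call with `document` on page load.
function activateContactLinks(doc) {
  for (const a of doc.querySelectorAll("a.contact")) {
    a.href = `mailto:${a.dataset.u}@${a.dataset.d}`;
  }
}

// Decode numeric entities, as a browser does when rendering the page.
function decodeEntities(html) {
  return html.replace(/&#(\d+);/g, (_, n) => String.fromCodePoint(Number(n)));
}

// Count the addresses the naive pattern finds in a piece of page source.
function exposedAddresses(source) {
  return (source.match(NAIVE_PATTERN) || []).length;
}
```

Bots that decode entities or run JavaScript can still recover the address, so this cuts down on bulk harvesting rather than guaranteeing privacy.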

If you’re using Apple devices, you can use the Hide My Email feature, which keeps your personal email private. Instead, it creates unique and random email addresses when you need to sign in with an app, create a new account, or sign up for newsletters.

Alternatively, you can create a different email that you can use solely for signing up with apps, newsletters, or online shopping.

Be mindful of giving your email address

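Don’t leave your email address on websites that you don’t trust or that seem suspicious. For example, make sure that you’re accessing sites that use HTTPS and not HTTP only. HTTPS means that the site encrypts the connection; it does not by itself show that the site is legitimate, since a look-alike site can use HTTPS too.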

It’s also helpful to read the privacy policy of the site, usually found at the bottom of the page. If there’s none, you can’t be sure how your information will be used or shared, so it’s better not to leave any information.

If you must sign up, you can use a disposable email alias, which will forward the messages to your personal inbox.


It can be frustrating and annoying to receive spam emails almost every day, and you might think that it’s impossible to stop them. What you can do is always be vigilant and arm yourself with the latest information and proper knowledge of how to spot spam and avoid scams. We hope the above tips will help you get started!
