Statistics show that 45% of emails consist of spam, so you likely encounter dozens of them every day. Most spam emails probably don’t scare you anymore.
Sadly, not all spams are generic attacks. You’ll encounter carefully crafted messages that know a bit more about you.
Most crooks can only access aliases and temp emails. However, experienced hackers might know so much about you that they’ll have you asking, “How do scammers know my name, bank, and address?”
If you find yourself in a similar situation, this article is for you.
Like you, we don’t want identity thieves to misuse our personal information for fraudulent activities. So we gathered the best cybersecurity tips from independent ID theft prevention guides, data privacy laws, and official government resources.
Please read without skipping. We’ll explain why opting out of spammy newsletters might compromise your personal information instead of protecting it. A false sense of security only puts you at risk.
So, how do scammers know your name? Let’s find out!
5 ways scammers can get your name
Did you just get a spam email with your name in the subject? Don’t panic—your full legal name is public information, which criminals can extract by:
1. Offering free products and services
Think back to all the times you gave your contact information for freebies. Maybe you were filling out raffle entries, signing up for newsletters, taking an online course, or downloading free PDFs.
Unfortunately, many crooks abuse these pieces of information. More experienced criminals even run full-scale farming operations under the guise of providing free services or products for contact details.
As a general rule, avoid disclosing too much information to random third parties. But if you must, at least use a throwaway email linked to an account dedicated to spam messages.
2. Checking social media platforms
Whether you realize it or not, your social media profile is a gold mine for criminals. They’ll scour your feed for names of your relatives, contact your friends, impersonate you, and extract all the details listed in your About Me sections.
Crooks rarely execute these attacks en masse. If you find yourself the victim of a hacking attack, the perpetrator probably already knew a few things about you beforehand (i.e., contact number, alias, employer, bank).
So as a general rule, secure your profiles. Hide all your posts from people outside your friends' list, use secure login credentials, avoid posting personal information, and enable two-factor authentication.
3. Buying email lists
Cybercriminals buy and sell stolen information on the dark web. It serves as a hotbed for fraudulent transactions since users access this hidden area of the internet anonymously.
Crooks sell almost anything here, from stolen Netflix subscriptions to illegal substances. If your information was recently involved in a data breach, the perpetrators are likely trading it through dark web listings.
We don’t advise first-timers to access the dark web, even for monitoring purposes. Instead of going out on a limb and scouring these listings yourself, you’d do well to invest in a robust dark web monitoring tool.
4. Hacking into databases
Cybercriminals infiltrate websites and databases to steal client information. They often target email service providers, businesses, government agencies, healthcare institutions, and commercial banks.
You’d think that only SMBs fall for these attacks, but unfortunately, that’s not the case. Reports show that even established, widely trusted global brands like Yahoo!, Alibaba, LinkedIn, and Facebook experienced a data breach in the past few years.
Unfortunately, you have no control over how well an entity protects your information. To mitigate the potential damage, please immediately report data breaches to the Federal Trade Commission (FTC).
5. Cooperating with shady websites
No, not all data breaches involve hacking attacks. Unfortunately, many shady web admins willingly sell their site’s collected data to identity thieves and black-hat marketing companies.
You can’t tell which of the sites you visit have ill intentions. However, you can minimize your susceptibility by using dummy accounts and separate email addresses when logging into random, unofficial websites.
Also, consider investing in VPN services. They encrypt and encapsulate your network requests so that third parties like internet service providers and web admins can’t access your traffic.
How identity thieves can abuse your name
Please don’t ignore spam messages mentioning your full legal name. Although crooks can’t do much with just your name, it serves as the gateway to other crucial pieces of information.
Hackers often abuse stolen names by:
- Sending them phishing links. Phishing is a common attack that only requires public information like email addresses and names. Statistics show that 1% of all emails contain phishing links.
- Extracting more personal information. Crooks can use names to extract more personal information online. They only need a target’s legal name, address, and contact number to perform various fraudulent activities.
- Executing social engineering attacks. Spam emails are more likely to trick and scare targets if they use their real names, thus causing them to act irrationally.
Remember: crooks won’t stop with just your name. You can guarantee they’ll exhaust their resources to exploit your vulnerabilities and extract more information.
Stopping crooks from misusing your name
You can’t stop crooks from knowing your name. However, you can minimize your susceptibility to their attacks by:
Carefully divulging personal information
View anything asking you for personal information with skepticism. Always remember that you have the right to withhold personal information from anyone or anything if you’re uncomfortable.
It’s better to offer alternative IDs whenever possible. Many companies, agencies, schools, and organizations ask for super-sensitive information like Social Security Numbers, even if they have no legal right to do so.
Following identity verification habits
Taking introductions at face value will put you at risk. Instead, we advise following standard identity verification techniques when conversing with someone online or over the phone.
You must ensure that you can verify the other party’s identity. If you have doubts, search the name of their company, go through the reviews, and call its publicly listed number yourself.
Avoiding clicking buttons and links
Scammers often acquire personal information in bulk. They buy thousands of names and email addresses, send each one spam messages, then extract data from anyone that falls victim to their attacks.
Note that crooks only target victims who engage with them. If the target doesn’t respond, they’ll assume the information is outdated and move on to their next victim.
Unfortunately, a “response” doesn’t always require email replies. Even if you don’t send them an actual message, they might still pursue you if you click on any link, button, or attachment on their emails.
You’d do well to ignore these spam messages altogether.
Warning: Think twice before unsubscribing to spam newsletters. Crooks often encode fake “unsubscribe” links into their emails to trick customers into engaging with their messages.
Trust us—you’ll only get bombarded with more spam emails afterward. In the worst case, they could start targeting you with more aggressive ID theft and social engineering attacks.
If you want to block someone, use your email service provider’s settings. Most options like Gmail and Yahoo let clients filter their inboxes so that they won’t hear much from possible crooks and hackers.
Keeping your personal information secure
Again, your name is already classified as public information. Whether you like it or not, crooks can easily extract basic information like your name, alias, contact number, and email address.
With that said, you can still secure your identity. Posting less on social media, using multiple email accounts, signing up for temp email services, filtering spam mail, and blocking phishing links go a long way in data privacy.
Also, use your best judgment when divulging information. If you can’t verify the identity of the person asking for details about your personal life, stop engaging with them.