UPDATED: September 18, 2022

Whether you realize it or not, you share your email address a lot. Think back to all the business cards, paperwork, online forms, and even gas station raffle entries that carry your contact information.

However, with the recent rise of cybercrimes, you might start rethinking the safety of sharing email addresses. Research shows that hackers attack every 39 seconds.

On the other hand, your email address is relatively public information, which several institutions and individuals ask for regularly. You can’t just withhold it altogether.

Don’t worry—we can help.

Just like you, we display our email addresses on various platforms. To gain first-hand insights into email security, we read cybersecurity resources, data privacy guidelines, and real-life stories from ID theft victims.

By the end of this piece, you’ll know exactly how to keep your accounts safe.

Please read without skipping. We’ll share one of the most common mistakes people commit with throwaway emails. Poorly designed email security systems only compromise your accounts.

So, what can someone do with your email address? Let’s find out!

What hackers can do with your email address alone

Before anything else, we want to address whether it’s still safe to share your email address with others. 

Fortunately, the answer is yes. Even in today’s technologically advanced society, where criminals have dozens of ways to bypass accounts, you don’t necessarily have to keep your email a secret.

You can even say it’s a relatively secure piece of contact information. After all, most people would rather publicly disclose their email addresses than their mobile numbers.

With that said, you can’t wholly ignore the risks either. 

Experienced crooks can do a lot of things with stolen email addresses, from hacking email accounts to committing identity theft. It’s naive to think that an exposed email address won’t compromise your privacy.

So yes, you can share your email address. Just be aware that crooks might abuse it for the following purposes:

1. Sending you infected files

Cybercriminals can easily send thousands of infected files to your email address. Even if you block them, they’ll just keep making new email accounts for their malware attacks.

Moreover, activating these viruses requires little to no effort. Some viruses can infect devices within minutes after the user accidentally downloads them.

Crooks often execute these attacks en masse. Once they victimize one or two people, they’ll proceed to extract even more personal information. 

2. Giving you phishing links

Phishing is a very popular social engineering attack. It involves tricking victims into divulging sensitive information by impersonating widely trusted companies and replicating their office business websites.

Note that these links likely contain keystroke logging viruses. They capture confidential data like login credentials, passwords, credit card numbers, health insurance policies, or SSNs.

3. Impersonating you

Hackers use stolen email accounts for impersonation. Depending on how much information they know about you, they could do anything from making unwanted magazine subscriptions to applying for payday loans.

Of course, they’ll have to bypass your login credentials first to do any real damage. Nonetheless, watch out for unauthorized login attempts so that you can stop hackers in their tracks.

4. Selling to marketing companies

Hackers sell stolen email addresses to black-hat marketing companies. In most cases, the companies just spam leads with random promos, offers, and sales pitches—which are annoying but harmless.

However, some use it for illicit sales tactics. For instance, a shady company can use stolen contact information to create fake testimonials and fabricated reviews.

Even worse, some might even send you random packages. If you mindlessly pay for all door-to-door deliveries, you might fall victim to these tricks. 

5. Acquiring 2FA codes

Two-factor authentication (2FA) systems minimize your susceptibility to hackers. Even if crooks bypass your login credentials, they’ll still need to input a unique, one-time code to proceed.

You can send the 2FA codes to your email address or phone number. Although both methods are secure, we suggest the latter because cybercriminals have more access to your online accounts.

6. Hacking other online accounts

Most people use one email address for all their online accounts. For instance, your Instagram, Facebook, and Snapchat profiles could link to the exact username—which is relatively convenient.

Using a single email address makes account recovery easier. Unfortunately, it also lets hackers access several platforms after bypassing your login credentials once.

They’ll keep using the Forgot Password feature for recovery links. In some cases, they could even remove your mobile number from your accounts so that you won’t get notified about login attempts.

7. Extracting confidential files

Your account username doesn’t hold much value. However, hackers can use it as the gateway to other pieces of personal and work information.

After all, most digital natives send and receive confidential files via email. Depending on which of your accounts get hacked, the crook can get anything from old boarding passes to your Social Security Number.

As a general rule, we suggest separating work and personal emails. Also, opt to encrypt all your sensitive emails because hackers can extract thousands of unencrypted files within minutes.

8. Stalking you

Don’t underestimate stalkers. They’ll go above and beyond to take over your email accounts and gain first-hand insights into your daily life.

What they do with the stolen information depends on their intentions. For instance, fraudsters can use your PII to apply for loans, while an obsessed ex might track your hotel or dinner reservations.

To combat these crooks, keep track of your information. If possible, store confidential files in different encrypted accounts so that you won’t lose everything during a hacking attack.

Signs that your email has been hacked

Time is of the essence when fighting cyberattacks. Skilled crooks only need a few hours to extract all the confidential information in your inbox, so you need to act fast.

Based on the ID theft stories we read, most victims didn’t even know crooks were hacking their email accounts. They only found out after getting involved in several fraudulent transactions.

To ensure that you don’t end up in a similar situation, familiarize yourself with the most common warning signs indicating compromised email accounts, which include:

  • Unauthorized Login Attempts: Don’t ignore login attempts. Most websites will show you the location of the user that attempted to bypass your account.
  • Unusual Conversations: Keep an eye out for unusual messages you don’t remember sending.
  • Changed Login Credentials: Report for hacking immediately if you suddenly get locked out of your email account.
  • 2FA Code Requests: Check the emails with 2FA codes. Verify whether or not you still have access to the accounts linked to your email.

Overall, watch out for irregularities in your email accounts. Don’t just brush off unusual conversations, spam messages, and unauthorized service subscriptions.

Recovering a hacked email account

Hackers aren’t invincible. Although challenging, you can still recover hacked email addresses if you follow the correct restoration process.

We suggest reaching out to the following parties:

Email service provider

Most email providers accommodate hacking reports. They’ll likely direct you to a dedicated customer service staff who will help recover your account and files.

For instance, let’s say your Gmail account got hacked. File a report, share the details of the incident, and provide secure contact information that you can still access.


Your email provider can help you recover your account. However, it has minimal control over catching hackers and mitigating ID theft damage.

For ID theft support, contact the Federal Trade Commission (FTC). You can file an ID theft report online, share details about the incident, and get your customized data recovery plan.

Card-issuing bank

You must inform your card-issuing bank about your hacked accounts. Depending on the gravity of the situation, you might have to cancel your cards, set up fraud alerts, or even freeze your credit score.

It’s important to take action immediately because crooks move fast. They can apply for new credit cards or personal loans under your name in just a few days.

Local law enforcement agency

Your local law enforcement agency can help you catch hackers. However, you’ll need to provide specific clues about the perp’s identity, like their location; otherwise, the cops might shelve your case if they don’t have enough leads. 

Tips to avoid getting your email hacked

As we mentioned above, hackers attack millions of users every day. Although you can’t stop them from attacking you, there are several ways to minimize your susceptibility to their schemes.

You can incorporate these email security practices into your cyber hygiene routine:

1. Choose secure login credentials

Your login credentials serve as your first line of defense. Choose a secure password containing multiple special, upper-case, and lower-case characters.

Please avoid using dictionary words. Most cybercriminals can bypass simple one-word passwords through brute-force hacking methods within minutes.

2. Create multiple email accounts

Having multiple email accounts minimizes your susceptibility to hacking. At the very least, store your work, personal, and super-confidential emails in different accounts so that you won’t have to give out confidential addresses as much. 

3. Encrypt  all your emails

Encrypt the confidential emails you send and receive. Most crooks won’t exhaust their resources to decrypt thousands of files after hacking a random email account.

4. Use throwaway emails

Sign up for throwaway email services. They’ll give you a fake username to give third parties and forward incoming messages to your linked inbox—which the sender would never know

You can use permanent and disposable accounts. Permanent throwaway emails can accommodate multiple emails, while the latter option only works for one or two messages. 


Never use throwaway emails—even permanent ones—to send official documents. Disposable email service providers often recycle usernames; some institutions might have already blocklisted these combinations.

Only use throwaway emails if you don’t wholly trust the other party yet. You’d do well to create another professional email altogether for receiving confidential documents containing sensitive information.

Practicing long-term email safety tips

Overall, email security doesn’t mean keeping your username a secret. You can still share your email address with others, but create a customized system that ensures random strangers can’t ever access your accounts.

It’s better to combine all the data privacy tips we mentioned above. Creating multiple accounts, using throwaway emails wisely, and segregating confidential messages go a long way in preventing ID theft. 

Also, stop subscribing to random websites. Trust us—many eCommerce websites and landing pages secretly sell the data that their cookies collect.