Spammer Got Your Email Address? (here's how...)
Spammers and scammers appear to have supernatural powers that enable them to guess email addresses accurately and quickly. But in reality, the bad guys harvest email addresses by pretty mundane means. YOU may even be contributing to the problem without realizing it. Here's the scoop on how spammers get ahold of your email addresses, and steps you can take to protect your inbox...
Is Your Email Address Vulnerable to Spammers?
It can be maddening when your email inbox gets a fresh load of spam dumped into it. Equally frustrating is when spammers spoof your address as the sender, and your friends all start asking why YOU are sending them unwanted sales pitches for dubious products. Understanding how spammers get your email address can help to prevent both of these problems.
Using web-crawling "spider" programs (not unlike the ones Google uses to index Web pages) spammers hunt down email addresses by looking for the telltale "@" symbol. Working swiftly and ceaselessly, spiders can harvest millions of email addresses automatically. To avoid being "bitten" by an email harvesting spider, don't put your email address on public spaces on the Web. That means not posting it to online forums or personal web pages. If it's included in online directories (school, work, clubs, etc.) ask to have it removed.
Do a Google search to see where your email address is available, and work towards becoming invisible. (Tip: enter your email address in the Google search box enclosed in double quotes.) If you must make your email address visible in public, you can obscure your address by avoiding the "@" symbol, i.e., use "joe at blow dot com" instead, or create an image with the address instead.
"Dictionary attacks" are another standard way to collect email addresses. Spammers generate emails to made-up addresses, accepting millions of bounce-backs in exchange for a handful of replies from valid addresses. That's why the first rule of dealing with spam is "don't reply to it." Doing so just tells the spammer that you are a "live one" and worth hitting with more spam.
You can make it harder for a dictionary attacker to guess your address by NOT choosing any combination of dictionary words, common first or last names, and a string of numbers. If your email address is firstname.lastname@example.org or email@example.com I can guarantee that you'll get loads of spam, no matter how careful you are. Those addresses are just easy targets, because they're so easy to guess.
With apologies to Jimmy Buffett, some people claim that there's a hacker to blame, but you know, it's your own damn fault sometimes. Many people simply hand over their email addresses, no questions asked, just to get access to a contest, some free program, a ringtone, or other supposed "valuable prize." It's a good idea to have a "throwaway" email address that you can enter into Web forms, rather than using your everyday address. See my related article Fight Spam With a Disposable Email Address for more tips on how to protect your inbox.
And if you have an email password that's easily guessable, spammers may hack into the email account and steal all of the contacts stored there. If your computer is not adequately protected from viruses, spyware and phishing attacks, all of the people in your email address book are vulnerable to spam attacks as well. See my article Here's the END of Weak Passwords for help picking a secure password.
I'm pretty sure that email "forwards" play into the hands of spammers, because they accumulate a large number of addresses as the message spreads from one person to another. For a while, I wasn't sure how this worked, because I didn't see an easy mechanism for those bloated messages to wind up in the hands of the the spammer. But then I realized that if even one of those recipients had their email hacked (or computer compromised by malware), the entire trove or addresses would be vulnerable.
This may or may not be a major source of email address harvesting, but at the very least, you must agree that blindly forwarding every silly story doesn't contribute anything positive to the Internet. Cambodian midgets fighting lions? Nigerian prince wants your help transferring money? Really?? If you're tempted to forward something that seems dubious, check it out on Snopes before hitting the Send button. If you don't trust Snopes, use another myth-busting site such as Hoax-Slayer or TruthOrFiction.
Along those lines, I cringe whenever I get an email that includes my address, along with dozens of others, in the TO: or CC: line. It's especially irksome when they come from businesses who should know better. In addition to revealing their customer/contact lists to everyone else in the distribution list, it's really bad form.
Data Breaches: An Ongoing Privacy Menace
Hacking into a major company's databases can yield millions of high-quality email addresses at once, not to mention even more valuable data such as credit card numbers, Social Security Numbers, etc. In December 2016, Yahoo confessed that over one BILLION of its users’ accounts had been hacked three years prior. Target, Chase Bank, American Express, Home Depot, Apple, Sony and other large companies have reported hacks in the past 2 years, resulting in many millions of accounts being compromised.
The Big Kahuna of Data Breaches was reported in September 2017. The Equifax hack was especially damaging, because it revealed names, addresses, Social Security Numbers, birth dates, driver’s license data, credit card numbers, and email addresses. By combining all of that data, Bad Guys can create much more sophisticated and compelling email scams.
See my article Which Privacy Tools Do You Need (and which should be avoided)? for some tips on how to protect your privacy in the age of constant data breaches.
Spammers also trade in lists of email addresses. A list of a million addresses goes for as little as $100. Some online crooks don't even mail spam, but make their living harvesting and trading email addresses.
It's almost impossible to hide your email address from spammers completely. At the least, you'll probably get a blind dictionary attack spam, eventually. But think before you give your email address to any website. The fewer entities that have your email address, the less spam you will receive. Using a disposable email address, keeping your own computer secured, and encouraging your friends and family to do likewise will also help.
Got any additional tips for keeping your email address safe? Post your comment or question below...
This article was posted by Bob Rankin on 22 Mar 2019
|For Fun: Buy Bob a Snickers.|
Which Mobile Carrier Has the Strongest Signal?
The Top Twenty
Choose Your Weapon in the Robocall Wars
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Spammer Got Your Email Address? (here's how...) (Posted: 22 Mar 2019)
Copyright © 2005 - Bob Rankin - All Rights Reserved