Can scammers use my email address without hacking my account?
Yes. Email spoofing lets criminals send messages that appear to come from your address without ever accessing your account.
Last reviewed: 1 June 2026
Explanation
Email spoofing exploits weaknesses in email protocols to substitute any sender address in the 'From' field. Criminals use this to impersonate executives, friends, or institutions — or to make phishing emails appear to come from a victim's own address in 'you have been hacked' extortion emails. Receiving a message from your own address does not mean your account has been compromised. Modern email authentication standards (SPF, DKIM, DMARC) reduce but don't eliminate spoofing. If people are receiving spam that looks like it came from you, run a reputable antivirus scan and change your email password as a precaution, but the most likely explanation is spoofing rather than a full account breach.
Common red flags
- Emails from your address that you did not send
- Extortion email claiming your account is hacked and containing your password
- Contacts receiving suspicious messages attributed to you
- Message references compromising material and demands payment to suppress it
What to do now
- Change your email password and enable two-factor authentication
- Check your Sent folder for messages you didn't write
- Run a reputable antivirus scan to rule out device compromise
- Inform contacts that your address is being spoofed if they are receiving fake emails from you
Frequently asked questions
An extortion email says it has footage of me from my own camera. Is it real?
Almost certainly not. This is a standard sextortion script. The claim about camera access is fabricated to cause fear. The password it quotes is typically from an old data breach. Do not pay.