Can someone scam me just by knowing my email address?
Having your email alone gives scammers limited but real power — including phishing, credential stuffing, and spam — though not direct account access.
Last reviewed: 1 June 2026
Explanation
Your email address is effectively your online identity. While knowing it alone doesn't give a scammer access to your accounts, they can use it to: send targeted phishing emails that appear personalised; try it against leaked password databases in credential-stuffing attacks; enroll it in spam campaigns; register it on services to trigger verification emails; and impersonate you to your contacts using spoofing. If your email address appears in a data breach (check free services like HaveIBeenPwned), change the password for that account and any accounts where you reused the same password. Use a unique password for every account and enable two-factor authentication.
Common red flags
- Receiving phishing emails addressed to your exact name and email
- Login alerts from services you didn't access
- Contacts receiving emails that appear to come from you
- Password reset emails you didn't initiate
- Your email appears in a data breach notification
What to do now
- Check haveibeenpwned.com to see if your email is in any known breach
- Change passwords for all affected accounts and use unique passwords everywhere
- Enable two-factor authentication on your email and key accounts
- Consider using a password manager to maintain strong, unique credentials
Frequently asked questions
Should I give out a different email address for online shopping?
Yes — using a secondary or disposable email address for shopping, newsletters, and non-critical accounts helps contain the blast radius of any breach.