Is it safe to give a stranger access to your email account to help resolve a problem?
Your email account is the master key to your online life. Giving any access to a stranger — including a 'support agent' — is extremely dangerous and is almost certainly a pretext for account takeover or wider fraud.
Last reviewed: 10 June 2026
Explanation
Email account access is more valuable to a fraudster than almost any other credential. From your email, a criminal can reset passwords on every other account — banking, shopping, social media, pension, government services — that uses the same email address for recovery. This makes email the gateway to a complete identity takeover.
The most common context in which strangers request email access is impersonating a support agent: a fake Microsoft, Google, or ISP representative claims to need access to diagnose a problem. Once inside your email, they can change the recovery address, extract sensitive documents, initiate password resets on financial accounts, and set up forwarding rules to continue monitoring your email silently after you have closed the session.
No legitimate technology support company requires access to the content of your email account to resolve technical issues. Email delivery problems can be diagnosed from the sending or receiving side without the support agent reading your emails or logging in to your account.
If a caller ever requests your email password or login code, treat this as a definitive sign of fraud. Disconnect the call and change your email password immediately from a secure device.
Common red flags
- A support agent requests your email login credentials or a recovery code
- They ask you to create a temporary password for them to use
- They want to access your email to 'diagnose' a delivery or technical problem
- The support contact was initiated by an inbound call rather than your own request
What to do now
- Refuse and hang up or disconnect
- Change your email password immediately if you suspect your credentials were seen
- Enable two-factor authentication on your email account if not already active
- Check for any new forwarding rules, recovery address changes, or new authorised apps in your email security settings
- Report the incident to your email provider and national fraud authority
Frequently asked questions
What should I check in my email settings if I suspect unauthorised access?
Check: recent login activity (look for unfamiliar IP addresses or locations), email forwarding rules (delete any you did not create), the recovery email and phone number (verify they are yours), connected apps and permissions (revoke any you do not recognise), and the sent mail folder for emails you did not send.
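The checks in this answer can also be written as a small audit that compares the account's current settings with what the owner knows to be theirs. This is an added example, not code from the original page or from any email provider; the snapshot format, field names and sample values are constructed assumptions, since each provider exposes these settings differently.

```python
import ipaddress

def unfamiliar(ip, known_networks):
    """True when ip falls outside every network the owner normally uses."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in ipaddress.ip_network(n) for n in known_networks)

def audit(baseline, snapshot):
    """Return (check, detail) findings for anything the owner did not set up."""
    findings = []
    nets = baseline["known_networks"]
    for login in snapshot["logins"]:  # recent login activity
        if unfamiliar(login["ip"], nets):
            findings.append(("login", f'{login["time"]} from {login["ip"]}'))
    own_targets = {t.lower() for t in baseline["forward_targets"]}
    for rule in snapshot["forwarding_rules"]:  # rules the owner did not create
        if rule["forward_to"].lower() not in own_targets:
            findings.append(("forwarding_rule", f'{rule["name"]} -> {rule["forward_to"]}'))
    for field in ("recovery_email", "recovery_phone"):  # recovery details changed
        if snapshot[field].lower() != baseline[field].lower():
            findings.append((field, snapshot[field]))
    for app in snapshot["connected_apps"]:  # apps the owner does not recognise
        if app not in baseline["approved_apps"]:
            findings.append(("connected_app", app))
    for msg in snapshot["sent_mail"]:  # mail sent from an unfamiliar address
        if unfamiliar(msg["client_ip"], nets):
            findings.append(("sent_mail", msg["subject"]))
    return findings

# Constructed sample data: hypothetical export, documentation IP ranges, example domains.
BASELINE = {
    "known_networks": ["192.0.2.0/24"],
    "forward_targets": [],
    "recovery_email": "owner.backup@example.org",
    "recovery_phone": "+44 0000 000001",
    "approved_apps": {"Phone Mail"},
}
SNAPSHOT = {
    "logins": [{"time": "2026-06-01T09:02Z", "ip": "192.0.2.15"},
               {"time": "2026-06-01T14:40Z", "ip": "203.0.113.77"}],
    "forwarding_rules": [{"name": "archive", "forward_to": "copy@example.net"}],
    "recovery_email": "helpdesk@example.net",
    "recovery_phone": "+44 0000 000001",
    "connected_apps": ["Phone Mail", "Mail Sync Helper"],
    "sent_mail": [{"subject": "Password reset request", "client_ip": "203.0.113.77"},
                  {"subject": "Lunch on Friday", "client_ip": "192.0.2.15"}],
}
if __name__ == "__main__":
    for check, detail in audit(BASELINE, SNAPSHOT):
        print(f"REVIEW {check}: {detail}")
```

Every finding is something to review and then delete, revoke or restore by hand in the provider's security settings; an empty result means the snapshot matches the baseline, not that the password can stay unchanged.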
I gave them a one-time login code that expired — are they still in my account?
If they logged in using the code before it expired, they may have changed recovery settings or established persistent access. Check all the settings listed above and change your password immediately regardless.