Rights & Money

How Scammers Get Your Personal Information

When you know how they do it, you can do more to keep your personal info personal

By Matt Smith

E-mail scams keep getting more and more sophisticated, and while some e-mails are obviously pathetic attempts to con you into sending someone money, it can be troubling to receive messages in which it seems evident that the sender knows at least some of your personal details. How do scammers know what they know about you?

Online searches
Scammers can find e-mail addresses online by searching for the @ symbol, so it’s best to avoid posting your address online publicly. If you do need to share it, you can make it hard to find by writing it out as “username AT website DOT com” instead of posting the full address; you can also post it as an image.

From your friends
Even if you don’t post your address publicly, it’s still stored in the e-mail accounts of your friends and family. If scammers gain access to your friends’ contact lists—by hacking or other trickery—there’s a good chance you may be their next target.

Wild guesses
Often, scammers don’t even know whether they’re e-mailing real addresses, so receiving a spam e-mail doesn’t necessarily mean that your address was compromised. Scammers use software that generates lists of possible e-mail addresses. The more unique your e-mail address is, the less likely it is that someone will guess it.

Buying a list
It’s easy for scammers to buy lists from one another or from unscrupulous websites that do data collection. Often these lists can be quite old, so don’t be too concerned if a scammer claims to know personal details about you (such as account usernames or passwords) that are outdated. You can find out if your e-mail has been compromised in a data breach using this website; if you find that it has, be sure to change the passwords for any accounts using that e-mail.

Hacking into databases
Corporate database hacks are a goldmine for scam artists. Unfortunately there isn’t much you personally can do here, other than being cautious about where you post your information and what you share. Always read through a website’s privacy policy beforehand to make sure that your data is stored securely.

Phishing
In this technique, scammers use fraudulent websites to try to trick people into entering their personal information. Always check the web address any time you enter personal information online to make sure the site is legitimate.

Responding to spam
Never respond to spam e-mails (no matter how witty a comeback you come up with). Responding to scammers tells them that yours is a working e-mail address, inviting even more spam into your inbox. Don’t open strange attachments, either—at the least, they can signal to the spammer that your address is active, and at the worst, they can infect your computer with malware.

 

Photo: iStock/Guzaliia Filimonova.