What to do if you think your email address is openly exposed on the Internet?

Actions you should take if you think your personal email address is openly exposed on the Internet?

You are likely to become a victim of spam, ransomware, identity theft and other malicious threats if your email address is visible online for all to see (we refer to this as openly exposed personal email address).

You should take steps to protect yourself

You should search across all search engines, social media sites and other online platforms to see if your email address is openly exposed.  An easy way of searching most search engines and social media sites is to use the email search facility available here at sniff.email.

The Sniff.email search platform will show you how exposed your personal email address is online, for FREE.  Try it here https://sniff.email

Step 1. Is your email address visible to everyone?

You should search across all search engines, social media sites and other online platforms to see if your email address is openly exposed.  An easy way of searching most search engines and social media sites is to use the email search facility available here at sniff.email.

The Sniff.email search platform will show you how exposed your personal email address is online, for FREE.  Try it here https://sniff.email

Step 2. Has your email address been exposed as the result of a data breach?

Sometimes your email address is not visible online, but has been acquired by cyber criminals or individuals that wish to use your email with malicious intent.  A common way that cyber criminals acquire email addresses are via data breaches.

A popular site (which we think provides tremendous value) is ‘Have I Been Pwned?’.  This site will show you if your personal email address has been compromised as part of a data breach.  These guys & girls know their stuff and work hard to help people become aware of data breaches – at the time of writing this page (Oct 2021) they had identified circa 11.5 billion pwned/compromised email accounts.  Don’t worry, despite the name this isn’t anything to do with online pornography, unless of course your personal data has been breached from such a site!?

Step 3.  Change your email password NOW!

Change your password(s).  You need to change the password for your email account.  If it’s a work email account, then ask your internal IT Team.  If, however it’s a personal account you need to take action now.  Go back to whoever you setup your email account with.  We’ve provided some links below based on your type of email:

• Gmail How to Change or Reset Your Password
• Outlook or Hotmail How to Change or Reset Your Password
• Yahoo Mail How to Change or Reset Your Password
• Inbox.com How to Change or Reset Your Password
• iCloud How to Change or Reset Your Password
• Mail.Com How to Change or Reset Your Password
• AOL Mail How to Change or Reset Your Password
• Zoho Mail How to Change or Reset Your Password
• Yandex Mail How to Change or Reset Your Password
• Proton Mail How to Change or Reset Your Password
• GMX Mail How to Change or Reset Your Password
• Mailfence How to Change or Reset Your Password

If you have your own domain name (the bit after the @sign) then you’ll need to log into the control panel of your hosting provider.  If you don’t know this then seek professional IT advice from a trusted source.  A hosting provider, is a company that offer domain, email and internet storage (amongst other things), such as IONOS, GoDaddy, Azure, AWS, Hostgator, Deamhost, Bluehost and many many more.  If you are really struggling to find help reach out to us hi@sniff.email

Step 4.  So, you’ve reset your email password.  That’s not quite it yet I’m afraid.  If you think that your email was compromised, its essential that you 

1. Check to see if any ‘unknown’ emails exist in your sent items (some unscrupulous individuals (hackers) break into personal email accounts in order to launch spam attacks.  They’ll use your contact list, or the details from the emails stored in your mailbox to send out spam. Their aim is to trick your friends, family, work colleagues into providing personal information (which can later be used to launch an attack, such as identity theft), or they can use your account to persuade people to buy certain products, or make illegal payments. It can be difficult to see if your email account was used in this way, but checking your inbox for replies can help you determine if your contacts were targeted. If you do find spam or emails that were not sent by you, then let the person know that you didn’t send the email and that your account was compromised.
2. If your email account was compromised, the horrid individuals that did it may have gone through your emails to gain access to specific personal details such as your full name, address, date of birth, mother’s maiden name… all the info required to gain access (or at least attempt to gain access) to your bank account, or other sensitive, or financial accounts. We recommend that you change the password on all of your online accounts – yep it’ a pain in the ass, but it needs to be done for your own protection (spending an hour or two changing your passwords, is better than going to pay for your weekly shop to find your credit/debit card declined because your bank account has been penetrated by fraudsters).
3. PLEASE PLEASE PLEASE.  Don’t use the same password for everything.  Don’t write your passwords down if you can help it.  If you do write them down, put them in safe.  Try to commit them to memory. 
   

Step 5. Prevention Techniques

The risk of email hacking is on the rise , however there are steps that you can take to protect your personal email.  

1. Restrict the sharing of your email address online, for example never post your email address without using masking techniques on social media, forums or open websites.
2. When changing passwords be sure to use complex passwords, which are a mix of lowercase, uppercase, numbers and symbols – try to make your password at least 16 characters long.  When changing your password, don’t use real words, or words that can be guessed if someone know who you are (e.g. don’t use kids, spouse, pets).
3. Where you can, you should use Two Factor Authentication (sometimes referred to as 2FA).  This is where you’ll need a password and a secondary code to access any emails or online accounts.  The secondary code will change each time and be sent to you via text / SMS, email or sometime via phone call.

Step 6. Reporting

To report unauthorised access, scam, spam, identity theft or any malicious digital attack you should contact your local police station.  Alternatively, you can report spam, scams, suspicious email or any digital threats to:

• Your Local Policy Station
• Your Local Government Office
• UK Information Commissioner’s Office
• UK National Cyber Security Centre   
• UK Police – Report a phishing attempt
• USA Gov – Report Scams and Frauds
• USA Treasure – Report Scam Attempts
• USA Cybersecurity & Infrastructure Security Agency

• USA – FBI Scams and Safety
  
• USA – IRS, Report Phishing and Online Scams
• Europe – Report Cybercrime Online
• Germany – Email Spam Reporting
• International – Report international scams online via econsumer.gov
• Google – Reporting spam, paid links or malware

The more we Globally work together to reduce these threats, the better off we’ll all be!  The first step should be to use the sniff.email search engine to see if your email address is exposed online.  You can do that here https://sniff.email