I've been noticing that newly created email accounts, like those for new hires, often receive fake emails impersonating our boss shortly after they're set up. It makes me wonder, how are scammers able to find out these email addresses so quickly? Do people accidentally sign up for sketchy services with their new email, or could it be that they're getting included in wide email chains that scammers scrape?
5 Answers
There’s actually a bunch of ways scammers can scrape for new email addresses. One of the popular methods is LinkedIn – if someone announces their new job, they’ll often spam addresses like [[email protected]](mailto:[email protected]) right away. I’ve even heard of some people writing scripts to monitor their own addresses and compile a list to send back to the company, requesting they stop the spam. It tends to work surprisingly well!
I totally get that! We have a system in place to block these types of phishing emails but new hires often fall for them because they're still learning the ropes.
Yup, LinkedIn profiles are a gold mine. Certain scammers try every combination they can think of for email addresses just based on common formats.
The real kicker is that just sharing your email for legitimate purposes can get you on a list. I've started using a different email for sign-ups and it’s cut down on spam, but it’s tough to avoid it altogether.
Scammers also buy email lists from data brokers, like those using ZoomInfo. Even if you opt-out, it’s a pain because you often have to do it for each individual user.
It's not just LinkedIn though. Companies often have employees’ email addresses listed on their websites, which makes it easy for scammers. I had a client who would get phishing emails from 'the CEO' right after they hired someone new because they published their info online. It's crazy how often that happens without them realizing it!
Totally! Putting emails on the website is like handing out candy to scammers. They just pounce on any new name they see.
I saw this happen too! A new hire got a scam email from the "CEO" just two days after updating their LinkedIn profile. It happens super fast.