You can check out any time you like, but you can …. wait, what?
There’s a good chance you haven’t been hacked at all.
How can I say that? Simple: it happens to me all the time.
All. The. Time.
Become a Patron of Ask Leo! and go ad-free!
You may receive email from services you’ve never signed up for or never even heard of. Ignore the first instance. If you keep getting more, and you know didn’t ask for it it, it’s spam by definition: mark it as spam or junk. Unsubscribing is not recommended because that often leads only to more spam.
With only an email address
Anyone with a public-facing email address — like, say, firstname.lastname@example.org — has this problem. Anyone with an email address that is easily mistyped does, too.
People use it to sign up for things. It could be as simple as newsletters or as complex as online games and services, and I suppose it could be as jarring as an online store.
This is why email opt-in confirmation is so important: to confirm you actually want what you’ve been signed up for.
Most notifications I receive are exactly that: requests that I confirm a subscription or confirm the validity of my email address. They ask me to click a link to do so. Needless to say, I don’t click the link.
Occasionally, I’ll start getting an unwanted newsletter or periodic notification. These are from sites and services that don’t send those opt-in confirmations. I mark those as spam because that’s exactly what they are. That an otherwise reputable newsletter allowed someone to sign me up for something I didn’t want remains their fault. I don’t know that they’re reputable (lack of email confirmation is one indication they may not be), so I’m certainly not going to click on an unsubscribe link; if they are a spammer, that would make things worse.
On at least a couple of occasions, I’ve received messages requesting that I authorize my child to access some game or website. I have no children. Some child probably used my email address in place of the email address of their parent in the hopes that I’d say OK. I don’t. I ignore those emails.
On rare occasions, I get notifications of an order being completed or shipped that I never placed. Without email confirmation, that looks very much like spam, and I mark it as such.
An email address is all they have
That last one might make some people nervous: some kind of online order had been placed using my email address.
But that’s all they had. They don’t have my credit card number, for example.1 In fact, they don’t have anything that really matters. At worst, they have my name and email address. As do you:
Leo A. Notenboom <email@example.com>
It’s public information. It’s how people reach me.2
That I get spam on it is no surprise at all.
What to do about it
The short answer is: expect it, ignore it or mark it as spam, and move on with your life.
As long as there’s no financial or other commitment incurred (if there is, talk to your credit card company about fraud), there’s really nothing worth doing. It’s not likely you’ve been as exposed as you seem to feel you have been.
Particularly if it’s just limited to email notifications, ignore, or mark spam as spam, and carry on.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
Footnotes & References
1: If it was a spammer, they would not alert me to its use by causing email to get sent to me; they’d hide their use as long as possible.
2: Since that email address is posted publicly, it gets a higher-than-average amount of spam and other stuff. I have personal email address(es) that don’t get the same visibility, but still experience a lower level of the various things discussed in this article.