I’m very careful with privacy and security so I was surprised I got an obvious phishing email from “American Express”. I reported the email and moved on only to get another one today. I checked haveibeenpwned and it came back clear. I have never gotten a phishing email before the other day. As for the senders, they all came from generic IT sounding email addresses. They obviously weren’t American Express.

  • @[email protected]
    link
    fedilink
    1725 days ago

    employees of companies with whom you’ve registered that email id sell it for some quick cash on the side.

    i can aver this confidently since i know someone from dominos pizza has leaked my email id. i have a convoluted gmail id which i use to register to all these services and – because it’s gmail – i can set up random dots and a custom phrase behind a + to register specific variants to specific companies (e.g., abcxyz123@gmail vs. ab.c.xyz123+dominos@gmail).

    all the spam and pseudo-phishing email is sent only to the variant which i’ve registered to dominos and not to a different variant (e.g., a.bcxyz123+bankname@gmail) registered to any other company.

    the leaked email id doesn’t contain a name and is too random for it to just be “guessed” by the spammers.