One of the most common questions police officers get when investigating scam complaints is, “How did the scammer get my information?”

The truth is, scammers can get your name, phone number and email address in many ways—some digital, some old-fashioned. Knowing how they do it is just as important as recognizing the scam itself.

Here are the most common methods scammers use:

Data breaches: Hackers break into company databases to steal personal information. Cell phone service providers, tech companies, health care organizations and even universities have suffered breaches exposing millions of phone numbers and other sensitive data.

Social engineering: Scammers pose as trusted entities like banks or government agencies to trick you into sharing your personal information. 

Phishing attacks: Fake emails or text messages that look legitimate and prompt you to reveal sensitive details, often through malicious links or forms.

Publicly available information: Scammers collect phone numbers posted on social media or listed in public records, such as voter registrations or property filings.

Tracking and data brokers: Some websites capture the numbers you enter—like your phone number, email or address—while data brokers compile and sell personal details to anyone willing to pay.

Physical theft: Criminals steal bank statements, bills or other documents from your mailbox, or dig through trash (known as “dumpster diving”) to find personal information.

Email exposure: Using the “CC” field instead of “BCC” in group emails exposes all recipients’ addresses.

Random guessing: Scammers use software to generate and test email addresses, usernames and passwords until they find valid ones. This is known in cybersecurity as a brute force attack—gaining unauthorized access by systematically guessing combinations until the correct one is discovered.

HOW TO PROTECT YOURSELF

• Limit public information. Think twice before posting personal details online.

• Use strong passwords. Create complex, unique passwords and change them regularly.

• Enable two-factor authentication. Two-factor authentication (2FA) adds an extra layer of security by requiring two proofs of identity to log in—usually something you know (like a password) and something you have (like a code sent to your phone).

• Be cautious with links. Don’t click on suspicious links in emails or texts.

While you can’t eliminate all risk, strong security habits can greatly reduce your chances of being targeted.

“Free lunch” or financial trap? Investment scams that target seniors

Scammers often target older adults with high-risk investment schemes. Learn how to spot common scams, protect your savings and report fraud before it’s too late. Read More »  

Tired of spam calls? Here’s how to stop them for good

Stop robocalls before they ring. Learn about the Do Not Call Registry, call-blocking apps, labeling tools and how to report phone scams. Read More »