Someone Signed Up for Services Using My Email Address - What to Do

You start receiving welcome emails, verification codes, and account notifications from services you never signed up for. Someone used your email address to create accounts — and now their activity is flooding your inbox.

This is more common than you think, and it is not always malicious. Here is what is happening and what to do.

Why this happens

Reason 1: Typo (most common)

Someone has an email address similar to yours and mistyped it during signup. If your address is john.smith@gmail.com, someone named John Smith with johnsmith@gmail.com or john.smith1@gmail.com may have accidentally entered yours. This is not malicious — just a mistake.

Reason 2: Credential stuffing test

Attackers sometimes sign up for services using email addresses from breach databases to test which addresses are active. If you receive a verification email, your address is confirmed as valid in their database. This is why you should NOT click the verification link.

Reason 3: Account creation fraud

Someone is creating accounts using random email addresses (including yours) for abuse purposes — fake reviews, spam, promotion abuse, free trial farming. Your address is just one of thousands being used.

Reason 4: "Email bombing" as cover

In rare cases, an attacker floods your inbox with hundreds of signup emails to bury a legitimate notification — like a password reset or purchase confirmation for an account they have already compromised. If you are suddenly receiving dozens of signup emails from different services, check your important accounts immediately.

What to do

Step 1: Do NOT click verification links

If you receive "verify your email" messages for accounts you did not create, do not click the link. Clicking confirms the account and associates your email with it. Let unverified accounts expire on their own.

Step 2: Do NOT log into those accounts

Do not try to log in, reset passwords, or "claim" accounts you did not create. This associates your email with the account and may make you liable for the account's activity.

Step 3: Mark as spam and block

For each unwanted signup email:

• Mark it as spam in your email client
• Block the sender if the emails persist
• Do not unsubscribe (this confirms your address is active)

Step 4: Check your own accounts

If you suspect email bombing (sudden flood of signups), immediately:

• Check your bank accounts and credit cards for unauthorized transactions
• Check your primary email account for password reset notifications you did not request
• Check your important accounts (Amazon, PayPal, etc.) for unauthorized activity
• Enable 2FA on everything if you have not already

Step 5: Set up category-based filtering

If the signup emails keep coming, set up filter rules to automatically deny or mute them. Many signup emails come from specific categories or contain patterns like "verify your email" or "welcome to" that can be caught with content filters.

Prevention

The fundamental prevention is the same as always: do not use your real email address publicly.

• Use unique aliases for every service you sign up for
• Keep your real address private — share it only with people you trust
• If your real address is already exposed (breach databases, public profiles), aggressive spam filtering and category-based blocking reduce the impact

When you use aliases, someone signing up with "your" email is not possible — they would need to know the exact alias, and each alias is unique to one service.