Signs an email address could be used for fraud

Signs an email address could be used for fraud

If your business collects data from your website, unfortunately, you run the risk of gathering fake email addresses. This happens for a number of reasons, from people genuinely interested in your product or service being reluctant to provide their details, to scammers looking to commit fraud. 

This is problematic for you as an online service provider because false email addresses can be used for illegal practice, interact with your genuine customers or even look for loopholes within your security system. 

Luckily, there are a number of ways to tell whether an email address is being used for fraudulent purposes. Read on to find out what they are. 

Find out more about how to stop unwanted sign ups and prevent fake account fraud


Disposable email and freemail address providers 

Disposable email and freemail address providers 

The term ‘disposable email addresses’ refers to an email address that only lasts for a limited period of time, such as a few minutes or a few weeks. 

Although disposable email addresses are sometimes used for innocent endeavors, fraudsters often use them for malicious purposes, for example to commit identity fraud or facilitate credit card chargebacks. 

Similarly to disposable addresses,some freemail providers conduct limited identification checks and don’t require a high level of information to signup, meaning that they are relatively easy for scammers to use for fraudulent activity without leaving much of a trace behind. 

But how do you identify a disposable or freemail email address?

Disposable and freemail email addresses can be identified using static lists. There are numerous online communities that collate known disposable email address domains and email addresses, but these are a poor long-term solution because these lists can become stagnant quickly. 

A more effective way to spot these email addresses is to use an email verification system like ASSESS, which can determine whether people are using real or temporary email addresses using domain age and TLD scoring among other determining factors, so you can decide whether to accept them into your system or block them. 


Recently created domains

It is fairly easy to buy a domain, and the age of a domain often provides an indication of how long the address has been established for. 

If an email address is impersonating a long-established company such as PayPal, checking how long the domain has been active for will help you to determine whether the email address is legitimate, or being used to commit fraud. 


Lesser-known top level domains

These may be used due to price, authentication standards or availability of domains that are similar to legitimate businesses 

Originally, there were only a handful of top level domains in use. Top level domains are the letters that come after the ‘dot’ in a URL, for example, .com or 

You might see an email address that looks legitimate at first glance, but on closer inspection there might be a character replaced in the email address domain. So for instance, a scammer might replace the O in Email Hippo for a 0, making it 

Gibberish email addresses or domains

A legitimate business email address will never contain gibberish or incorrect spelling. If you come across an email address that contains gibberish or a long string of numbers, it is very likely that this address has been created purely for fraudulent purposes and with no genuine intent to purchase your products or services. 

Inconsistencies in data provided

Legitimate data in your system should always add up. For example, the email address provided should normally match the website domain for the business the user claims to work for. Similarly, the name used in the email address should match the name they have provided in the data capture process. 

It is also important to check that the location they have provided matches the email address’s IP location. If the user isn’t located in the same place as their provided data suggests, then it should flash warning signs of an increased fraud risk. 

How Email Hippo can help you spot fake email addresses

Knowing how to spot these warning signs is important, but it is also essential to have the right solution in place to ensure any attempts at fraud are blocked at the first point of contact. 

We have two products that can help you stop your forms and CRMs carrying bad email data through to your system:



Our email verification API is easy to integrate with online forms and checks 74 data points, returning results quickly. It identifies good, bad and unverifiable email addresses and the additional information feature allows you to use an email address to create discrete user experiences. 


ASSESS is our risk profiling API that risk scores the sign up (email address, name, ip address). You can use this score to get an instant view of how confident you can be about accepting a new sign up. The Trust Score enables you to take action, such as blocking risky contacts automatically, showing messages to ask for further information or triggering manual reviews. 

The results from multiple data checks carried out pass through the Email Hippo system to produce a single, numeric score. The Trust Score gives you an instant view of how confident you can be about accepting each and every sign-up or new account. It enables you to take automatic action dependent on the score level; for example automatically blocking risky contacts, triggering manual reviews or showing messages to ask for further information.

Prevent fake sign ups: download our ebook

Download our guide to find out why fake sign ups are problematic and why email address intelligence should be your first line of defence against them.

Download our guide to find out how to prevent fake sign ups



Written by: Lisa

Monday, 11 October 2021