Almost 30 years have passed since websites like Hotmail began offering access to emails for free. Even in 1997, roughly 10 million people worldwide had a personal email account – by 2026, there are expected to be 4.26 billion email users.

But those decades-old ‘legacy’ email accounts are now becoming open doors for fraudsters looking to access financial details, prompting concern from police forces.

Feeding an email address into analyst website ‘Have I Been Pwned’ reveals if your email has been involved in a data breach, exposing your password to scammers.

Data breaches can also expose your gender, your date of birth, and your IP address, which can reveal your geographic location.

Hackers can then share your email in lists alongside millions of others. Those who see those lists then scour the web for other online accounts using the same address.

This means if you have used the same combination of email and password across multiple accounts, a hacker can gain access to them all – and ultimately may sell the information to fraudsters.

You may already be hearing alarm bells ringing as you remember the very first email you set up as a child using a password you still rely on today. Here, Telegraph Money explains how you can protect yourself.

‘If you don’t use it, delete it’

James Bore, a chartered security professional, says that if your old email has been compromised in a known breach then you should change your password immediately. His new book, ‘The Cyber Circuit’, delves into how to safeguard yourself online.

“An old email does leave you vulnerable,” he says. “The older an email is, the more likely it has been compromised in a breach and a password leaked.

“If it’s an email you haven’t used much, someone might even be using it to impersonate you to get money or details from people in your contact book.

“I’ve got a very old email address and I get dozens of messages a day from other people – things like ‘I just saw this photo of you online, have a look’.”

While changing the password is enough to lock everyone out, Mr Bore says deleting the email account entirely if you don’t use it is sensible.

“People forget to do it and then can leave a digital trail behind them, which hackers can exploit.”

Finding a more secure email provider

There is no regulated list of email providers that guarantee you won’t be a victim of a data breach, and if you use a standard email account such as Google or Hotmail you are safest relying on the above methods to keep it secure.

Some niche providers offer encrypted accounts, the most well-known of which is ProtonMail. Headquartered in Switzerland, its data centres are said to sit in a nuclear-proof bunker.

The company boasts ‘zero-access encryption’, which it claims prevents users’ data from being shared with third parties or leaked in the event of a data breach.

Another tactic available to Gmail users is the James Bond-esque ‘self-destructing email’. This allows you to set an expiry date on emails you send, so they will be wiped from a recipient’s inbox after a time decided by you.

Other programmes offer paid encryption services without the need to switch providers. SecureMyEmail, Zoho Mail and Mailbox.org offer paid plans for businesses.

Watch out for phishing – and ‘spook’ emails

Long gone are the days when email scams were easy to spot. Desperate appeals written in broken English begging for a wire transfer to Nigeria are old news – these days you are far more likely to see emails written by AI-powered chatbots.

Built-in spam filters come as standard with email accounts. They are typically reliant on artificial intelligence but, ironically, even these can struggle to figure out whether an email was written by a robot or not, according to email security provider Egress.

A report published by the company last year found that the software cannot tell whether a phishing email has been written by a chatbot or a human in three cases out of four.

Online scams become more sophisticated by the day, and by the time a popular phishing format has made headlines, fraudsters have already moved on to the next.

Last year Britain’s national reporting centre for fraud and cyber-crime received more than 800 reports about scam emails purporting to be from companies selling life insurance.

Action Fraud said the scam emails contained links to malicious websites which coerced users into handing over sensitive financial information.

Phishing emails have also become more sophisticated in appearance. Fraudsters have had no qualms about using HMRC branding to dress up scams, prompting the taxman to issue a warning last year.

Mr Bore says it’s always best to keep your wits about you when checking emails, and recalls nearly being caught out by a phishing attempt while barely awake.

“It’s in these moments when we’re not paying our full attention that we suddenly become very vulnerable to scammers,” he says.

How to spot phishing attempts

An unfortunate side effect of our inboxes being filled with a deluge of phishing emails is that many of us are now no longer sure if anything we receive via email is legitimate.

A poll by BT found that nearly half of British adults had become so suspicious of scams that they ignored genuine emails. However, two-thirds of those surveyed said they did not check links within emails before clicking on them.

For some, getting rid of a 10-year-old email account and starting anew is not an option, because it is linked to far too many important accounts.

There are, however, some tell-tale signs that you’re likely reading a message from a scammer on your old email account.

The first thing to check is the email address of the sender. Subtle differences in spelling or format can be easy to miss but are an early indicator that a scammer is impersonating a company.

This can take the form of the letter ‘o’ being replaced with the number zero, random punctuation, or minor spelling errors such as ‘rn’ instead of ‘m’.

An easy way to verify an email’s legitimacy is to compare it with previous communications from a company.
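
The sender check described above, as an added example that is not part of the original article: a Python sketch that compares a From address with domains you have already corresponded with and flags near-matches. The domain list, the substitution table beyond the swaps the article names, and the sample addresses are all constructed assumptions.

```python
from email.utils import parseaddr

# Constructed stand-in for senders seen in your previous correspondence.
KNOWN_SENDERS = ["amazon.co.uk", "example-bank.co.uk", "microsoft.com"]
# Swaps named in the article ('rn' for 'm', zero for 'o') plus assumed extras.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]


def sender_domain(from_header):
    """Lower-cased domain of the address in a From: header."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()


def skeleton(domain):
    """Undo look-alike swaps and drop inserted punctuation."""
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain.replace("-", "").replace("_", "")


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-letter misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(from_header, known=KNOWN_SENDERS):
    """Return 'known', 'lookalike of <domain>' or 'unknown' (heuristic only)."""
    domain = sender_domain(from_header)
    if any(domain == k or domain.endswith("." + k) for k in known):
        return "known"
    for k in known:
        if skeleton(domain) == skeleton(k) or edit_distance(domain, k) == 1:
            return "lookalike of " + k
    return "unknown"


if __name__ == "__main__":
    for sample in ["Amazon <orders@amazon.co.uk>",        # constructed samples
                   "Microsoft <no-reply@rnicrosoft.com>",
                   "Amazon <orders@amaz0n.co.uk>",
                   "Your Bank <alerts@examplebank.co.uk>"]:
        print(sample, "->", classify(sample))
```

An ‘unknown’ result only means the address resembles nothing on the list; it says nothing about whether the sender is genuine.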

Calls to action within emails are also a red flag to keep in mind. If an email asks you to pay for something – or do something – immediately, you likely don’t need to.

Scammers rely on a sense of urgency to stop victims from thinking too deeply about what they are reading.

If in doubt, you can always find a support email or phone number online and double check.

Scam emails also very often contain links to malicious websites. These will either coerce you into submitting sensitive information or cause you to inadvertently install malware on your computer.

Ultimately, scammers do not need your bank details to gain access to important information. Simply obtaining your email and password may be enough.

