I’m very careful with privacy and security so I was surprised I got an obvious phishing email from “American Express”. I reported the email and moved on only to get another one today. I checked haveibeenpwned and it came back clear. I have never gotten a phishing email before the other day. As for the senders, they all came from generic IT sounding email addresses. They obviously weren’t American Express.
Information might also be leaked through data breaches. An email is not a particularly hard thing to find, or even guess.
A spammer could easily just have a computer iterate through all possible combinations of emails and usernames, and shotgun it.
Especially for a name like OP’s. If their email is a similar name, it wouldn’t be difficult for generate one that is also two words.
Nah, my email is my name. It’s a very uncommon name.
A program to send to [list of firstname.lastname pulled from the census]@gmail.com or whatever is pretty easy. Also merchants sell the email lists for $ so if you’ve bought anything with that email that could be it.
And you have zero social media with your name?