Skip to Content
© Wave Break Media Ltd | Dreamstime.com
Kim's column

Use this fast, free check to see if your email address is spreading spam

Email phishing started back in the ’90s, and it’s been downhill from there. Open up the junk folder in your inbox to see what I mean. Just don’t click anything.

Think you’re tech smart? Tap or click here to take a quick phishing quiz. 

You need to make sure your system is protected. This way, your network is locked down, and you can browse with the confidence your data isn’t at risk. Here are 5 free security downloads every computer needs.

What if you’re sending out junk email? You might be. It’s the way some of the cleverest forms of malware spread by hijacking your email address to do their dirty work.

Luckily, there’s an easy way to check whether your email or domain has been used behind your back.

Is your email address spamming people?

The Emotet botnet is one of the most effective email malware campaigns around. It started as a banking Trojan and now spreads primarily through phishing emails that lead the recipient to a malicious URL.

If there’s a spam operation using your email address, there’s a good chance it’s this one. The Russian cybercrime operation uses sophisticated tactics like replying to an old email thread to look more believable.

To know if Emotet is working behind the scenes using your account, I found a free tool you can use: haveIbeenEMOTET.

A quick note in case you’re thinking, “Hey, that sounds familiar.” The site name may sound similar to HaveIBeenPwned, but there’s no affiliation. HaveIBeenPwned is another excellent free tool that tells you whether your data has been exposed in a data breach or sold on the Dark Web.

Tap or click here to listen to my podcast with the site’s creator, Troy Hunt. He operates the web’s biggest database of hacked logins.

Here’s how to check

Once you visit haveIbeenEMOTET, give your email address or domain name site and hit enter. You’ll get one of a few results: Confirmation that your email address has not been used in an Emotet spam campaign or verification that it has.

If your email address or domain has been used, it will be marked as either “Sender Fake,” “Sender Real” or “Recipient.” If you get one of the latter results, you need to take steps to repair the possible damage.

LIKE WHAT YOU’RE READING? Get my tech tips delivered to your in-box. Sign up on my website. 

What to do if your email has been hijacked

The haveIbeenEMOTET site doesn’t retain any information about your email address or domain that you input. It simply checks your info against data it has in its database. It doesn’t use cookies to track you, either.

If your email address is in the haveIbeenEMOTET database, you need to take four steps right away.

  1. Scan your computer for malware. Be aware, though, that malware can interfere with your antivirus software, so you may have to boot up in Safe Mode and rerun the antivirus software if that happens. Need help finding a good antivirus program? Tap or click here to see a comparison of the popular options.
  2. Change your email password. Make sure you’re using unique, hard to crack passwords for all of your online accounts. Tap or click here for tips on creating stronger passwords.
  3. Check your email account to make sure your privacy and security settings are locked down. Tap or click here to secure your emails by tweaking a few settings.
  4. Back up your devices. You may have to wipe your devices, and you need a solid backup in place before you do. Tap or click here for the steps pros use, including the 3-2-1 rule.

STAY IN THE TECH KNOW. Catch my national radio show on over 400 stations across the USA. Find your local station now.

How can you avoid Emotet in the first place?

These scam emails can outsmart you if you’re not taking a good hard look at what comes through your inbox. Here are a few things to keep in mind.

  • Avoid opening emails from unknown senders. Always check the URLs and sender fields closely — especially if the message appears to come from somebody you know.
  • Look for a shift in tone or writing style if you get an email from someone you know. He or she might not be the one who wrote it.
  • Be wary of attachments you didn’t ask for or weren’t expecting. If you get a spreadsheet or Word doc from a colleague or business associate, reach out through another medium (like a text or phone call) to double-check everything is on the up and up.
  • Think twice before you click links in emails. Hover your mouse over the link to see where it will lead you.
  • Enable two-factor authentication for any account that supports it. Tap or click here to see how to set up 2FA for your frequently used online accounts.

NEED TECH HELP? Post your tech questions for concrete answers from me and other tech pros. Visit my Q&A Forum and get tech help now.

What digital lifestyle questions do you have? Call Kim’s national radio show and tap or click here to find it on your local radio station. You can listen to or watch The Kim Komando Show on your phone, tablet, television or computer. Or tap or click here for Kim’s free podcasts.

Komando.com App background

Check out the free Komando.com App!

Get the latest tech updates and breaking news on the go, straight to your phone, with the Komando.com App, available in the Apple Store and Google Play Store.

Download Now