Mail phishing scam - from myself?

Discussion in 'Mac Apps and Mac App Store' started by jsmith189, Sep 8, 2015.

  1. jsmith189 macrumors 65816

    jsmith189

    Joined:
    Jan 12, 2014
    #1
    *Hopefully the correct section*

    I'm no stranger to phishing scams, I always know when to ignore them. But I got three emails with the usual "UPDATE YOUR INFO" that are clearly fake, but the strange thing is that they were from "my" email address. And it definitely is because I can see that it's linked to my contact.

    I have emails set up to alert me any time someone logs into my account, even if it's myself, and I also have two-step verification. Nothing suspicious, so my account doesn't appear to be "compromised" per se. It's just really strange.

    Called Apple just in case. Gave me malware software to run, nothing found. He said it was probably a Safari script that forced my Mail to mail myself. Just wondering if anyone's heard of this before and is there something I can/should be doing about it?
     
  2. OldGreyGuy macrumors member

    Joined:
    Jan 14, 2014
    Location:
    Near Brisbane, Australia
    #2
    It may not be you.

    The headers for mail messages can be easily set by the outgoing mailer. There were a number of viruses in the past that were getting around spam filters by using the user's email address as the "from" header on the basis that they would not be rejected as spam. In these previous cases I saw a user with another user's details in their contacts were the ones who were the sending system and the mailer would just substitute the headers with the addressee's details. If I bother to go to my Gmail Junk mail folder I suspect that I will see a number of messages from myself.

    Another reason they would also do this is to avoid having a whole bunch of bounced emails clogging up their own servers, I also see a number of bounced messages in my junk folder as well.
     
  3. canuckRus macrumors 6502

    canuckRus

    Joined:
    May 18, 2014
    #3
     
  4. jsmith189 thread starter macrumors 65816

    jsmith189

    Joined:
    Jan 12, 2014
    #4
    Any other thoughts on how to stop this from happening? Happened again today.
     
  5. blackboxideas macrumors member

    Joined:
    Oct 17, 2012
    #5
    Unfortunately it sounds like it is just spam that is spoofing its 'from' address as yours. The only real way to filter this stuff out is to use a spam filter, and possibly requiring you to train it to look out for stuff like this.
    Who is your mail provider? They may offer some form of anti-spam solution, if not already there.
     
  6. jsmith189 thread starter macrumors 65816

    jsmith189

    Joined:
    Jan 12, 2014
    #6
    iCloud :( Lol.
     
  7. Ulenspiegel macrumors 68030

    Ulenspiegel

    Joined:
    Nov 8, 2014
    Location:
    Land of Flanders and Elsewhere
    #7
    Happened to me some months ago. (Though it was not iCloud, but a webmail). Change the password.
     
  8. blackboxideas macrumors member

    Joined:
    Oct 17, 2012
    #8
    Ok, good start - you're using iCloud, now we know what options we have available to you to help reduce this spam.

    1. Report the spam messages to spam@icloud.com - read this: https://support.apple.com/en-gb/HT203524
    2. If the messages all contain similar content, consider moving them to a spam folder automatically in iCloud with a rule: read https://support.apple.com/kb/PH2650?locale=en_US
    3. When you next receive one (or if you still have a message that you haven't deleted), view it's full headers. To do this in mail.app (on the mac) go to View -> Message -> All Headers. This will show you the source and recipients of the message, and chances are that you'll notice that the source wasn't you, but rather a server thats sending out spam. Check out this thread for a bit of info on that: http://apple.stackexchange.com/questions/167908/receiving-spam-from-myself - then consider reporting the offending server to spamcop.net to help stop it from sending out more.
     
  9. jsmith189, Oct 1, 2015
    Last edited: Oct 1, 2015

    jsmith189 thread starter macrumors 65816

    jsmith189

    Joined:
    Jan 12, 2014
    #9
    Thanks for that. :) I did an actual email to myself and compared, the only thing I could find was s9.name-servers.gr - I don't know if that's what it is, but that's from Greece and didn't appear in my actual email. Reported, regardless of if it's real or not lol.

    Is there any way to add a rule for an email that's from you but not from you? Lol. I've looked through the options and they don't seem as intricate as that.
     
  10. blackboxideas macrumors member

    Joined:
    Oct 17, 2012
    #10
    Not that I'm aware of - subject/content/sender etc are really your options. Anti spam filters should be looking out for spoofed headers, alas not foolproof.
    Reporting it as spam should help Apples systems stop it for you (or at least it should help train their filter!)
     

Share This Page