Mail phishing scam - from myself?

jsmith189

macrumors 68000
Original poster
Jan 12, 2014
1,576
3,022
*Hopefully the correct section*

I'm no stranger to phishing scams, I always know when to ignore them. But I got three emails with the usual "UPDATE YOUR INFO" that are clearly fake, but the strange thing is that they were from "my" email address. And it definitely is because I can see that it's linked to my contact.

I have emails set up to alert me any time someone logs into my account, even if it's myself, and I also have two-step verification. Nothing suspicious, so my account doesn't appear to be "compromised" per se. It's just really strange.

Called Apple just in case. Gave me malware software to run, nothing found. He said it was probably a Safari script that forced my Mail to mail myself. Just wondering if anyone's heard of this before and is there something I can/should be doing about it?
 

OldGreyGuy

macrumors member
Jan 14, 2014
88
10
Near Brisbane, Australia
It may not be you.

The headers for mail messages can be easily set by the outgoing mailer. There were a number of viruses in the past that were getting around spam filters by using the user's email address as the "from" header on the basis that they would not be rejected as spam. In these previous cases I saw a user with another user's details in their contacts were the ones who were the sending system and the mailer would just substitute the headers with the addressee's details. If I bother to go to my Gmail Junk mail folder I suspect that I will see a number of messages from myself.

Another reason they would also do this is to avoid having a whole bunch of bounced emails clogging up their own servers, I also see a number of bounced messages in my junk folder as well.
 
  • Like
Reactions: jsmith189

canuckRus

macrumors 6502a
May 18, 2014
560
181
*Hopefully the correct section*

Called Apple just in case. Gave me malware software to run, nothing found. He said it was probably a Safari script that forced my Mail to mail myself. Just wondering if anyone's heard of this before and is there something I can/should be doing about it?[/QUOTE

Not that unusual. Happens to me several times a year it seems. Sorry I can't offer a solution.
 
  • Like
Reactions: jsmith189

jsmith189

macrumors 68000
Original poster
Jan 12, 2014
1,576
3,022
Any other thoughts on how to stop this from happening? Happened again today.
 

blackboxideas

macrumors member
Oct 17, 2012
47
3
Any other thoughts on how to stop this from happening? Happened again today.
Unfortunately it sounds like it is just spam that is spoofing its 'from' address as yours. The only real way to filter this stuff out is to use a spam filter, and possibly requiring you to train it to look out for stuff like this.
Who is your mail provider? They may offer some form of anti-spam solution, if not already there.
 

jsmith189

macrumors 68000
Original poster
Jan 12, 2014
1,576
3,022
Unfortunately it sounds like it is just spam that is spoofing its 'from' address as yours. The only real way to filter this stuff out is to use a spam filter, and possibly requiring you to train it to look out for stuff like this.
Who is your mail provider? They may offer some form of anti-spam solution, if not already there.
iCloud :( Lol.
 

blackboxideas

macrumors member
Oct 17, 2012
47
3
Ok, good start - you're using iCloud, now we know what options we have available to you to help reduce this spam.

  1. Report the spam messages to spam@icloud.com - read this: https://support.apple.com/en-gb/HT203524
  2. If the messages all contain similar content, consider moving them to a spam folder automatically in iCloud with a rule: read https://support.apple.com/kb/PH2650?locale=en_US
  3. When you next receive one (or if you still have a message that you haven't deleted), view it's full headers. To do this in mail.app (on the mac) go to View -> Message -> All Headers. This will show you the source and recipients of the message, and chances are that you'll notice that the source wasn't you, but rather a server thats sending out spam. Check out this thread for a bit of info on that: http://apple.stackexchange.com/questions/167908/receiving-spam-from-myself - then consider reporting the offending server to spamcop.net to help stop it from sending out more.
 

jsmith189

macrumors 68000
Original poster
Jan 12, 2014
1,576
3,022
Ok, good start - you're using iCloud, now we know what options we have available to you to help reduce this spam.

  1. Report the spam messages to spam@icloud.com - read this: https://support.apple.com/en-gb/HT203524
  2. If the messages all contain similar content, consider moving them to a spam folder automatically in iCloud with a rule: read https://support.apple.com/kb/PH2650?locale=en_US
  3. When you next receive one (or if you still have a message that you haven't deleted), view it's full headers. To do this in mail.app (on the mac) go to View -> Message -> All Headers. This will show you the source and recipients of the message, and chances are that you'll notice that the source wasn't you, but rather a server thats sending out spam. Check out this thread for a bit of info on that: http://apple.stackexchange.com/questions/167908/receiving-spam-from-myself - then consider reporting the offending server to spamcop.net to help stop it from sending out more.
Thanks for that. :) I did an actual email to myself and compared, the only thing I could find was s9.name-servers.gr - I don't know if that's what it is, but that's from Greece and didn't appear in my actual email. Reported, regardless of if it's real or not lol.

Is there any way to add a rule for an email that's from you but not from you? Lol. I've looked through the options and they don't seem as intricate as that.
 
Last edited:

blackboxideas

macrumors member
Oct 17, 2012
47
3
Not that I'm aware of - subject/content/sender etc are really your options. Anti spam filters should be looking out for spoofed headers, alas not foolproof.
Reporting it as spam should help Apples systems stop it for you (or at least it should help train their filter!)
 
  • Like
Reactions: jsmith189

Similar threads

  • berlingoodman
5
Replies
5
Views
193
  • aunkster
1
Replies
1
Views
291
  • A1MB1G
0
Replies
0
Views
136
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.