Joseo wrote:
thank you for your reply. So, is there a way to “clean” it? How did they get access to my Contact Card and Photo and “username”? And what does that mean?
I will appreciate your thoughts. Thank you!
I’m interpreting that to indicate that you might not yet fully realize how completely and utterly unreliable mail sender information is.
You know this case is a spoof, but it certainly worked wonders for your fear and your concern.
But this mess gets much uglier. Imagine you’re a finance person and a spoofed-sender email message from Your Big Boss arrives demanding your employers’ business—money that you hypothetically control—be transferred to [account], and you’ll hopefully now get some idea how some other scams here can work.
After the Yahoo security breaches years ago, I started received occasional mail messages from a friend. We’d exchanged a lot of mail over the years. That particular sender spoof was very easy to recognize though, as my friend had sadly died.
Again, you did not send this mail message, nothing here got hacked, and there’s nothing—beyond deleting this spoofed message—to clean up.
There are ways to somewhat reduce the exposure to these shenanigans, such as macOS Mail rules that detect and flag these cases, or by setting up signing and encryption for mail messages—but signing and encrypting is just not all that commonly used:
Here is how to: Use S/MIME to send and receive encrypted messages in the Mail app in iOS - Apple Support
Here are a very few examples of the common scams: Recognize and avoid phishing messages, phony support calls, and other scams - Apple Support