A spam text message appeared from myself

Why is it “concerning”? It’s a spam message sent to thousands of random phone numbers. Delete the message and move on with your day. As with all such spam emails, phone calls, text messages or website popup messages ignore them no do not interact with the sender or the message. They do not need to know your phone number to send a text. The only requirement for anyone, anywhere to send a text message is to know the Area Code and local number code for any part of the world. They can then send messages to every number NPA-NXX from 0000 to 9999.

Phishing is concerning. The "from" is concerning because it is spoofing the sender; usually spam comes from some other number. My guess is that is what is regarded as concerning, because it makes it seem like someone has gained control of the recipient's account.

I simply deleted it and changed my password, including logging out of all devices.

Anyone have any theories on how this happened?

Same exact scenario happened to me on 3/28/22. Two factor authentication enabled, I'm not someone who unknowingly clicks spam links. This is all very odd

From The Verge this afternoon:

“Photo by Chris Welch / The Verge

This morning, I received a very blatant spam text offering me “a little gift” for supposedly paying my phone bill. Normally I’d groan, roll my eyes, and quickly delete such a thing, but there was something different about this particular message: it was spoofed as coming from my own phone number. As best my iPhone could tell, it was a legitimate message from me to myself. Tapping into the sender details took me to my own contact card.

Equally frustrating was that I had no obvious way of reporting the alarming spoof to my carrier, Verizon Wireless. Spoofed calls and texts are nothing new; most people face a constant deluge of spam calls that appear on caller ID as from a number similar to their own. But this was the first time I actually got something from my own number. These scammers keep getting more sophisticated.

Turns out I wasn’t alone. More than a few customers on Verizon reported getting similar spam from their respective numbers over the last few days — same for its MVNO Visible — and several Verge employees on other carriers have also encountered them. I posted an Instagram story about it and have gotten plenty of “same” responses. SMS phishing, or “smishing,” has been on the rise in recent years, but there’s something more disconcerting and invasive about it being linked to your own number. It’s all very “the call is coming from inside the house.”

The main reaction on Twitter is confusion and “how?!” Again, this is all spoofing and technological impersonation. It’s trivially easy for spammers to camouflage as any number they choose. My Verizon account is secure, and my number hasn’t been hijacked. If you’ve gotten the same message, there’s no cause for panic. Just don’t go clicking that link.

Still, it often feels like the phone carriers are losing the war against scammers. I don’t envy having to contend with the sheer volume of spam attacks that come across their networks daily, but this is getting out of hand. I’ve noticed an uptick in general SMS spam over the last several weeks. And as Alex Lanstein noted on Twitter, this particular message contains several phrases — “free msg,” “bill is paid,” “gift” — that one assumes would be flagged by Verizon’s spam protection systems. And yet it came through successfully. And since this one showed as coming from me, the text also successfully evaded Apple’s “filter unknown messages” feature.”

This explains it well...

This in from The Verge:

My own phone number is now spam texting me

Did you recently get a spam text... from yourself? You’re not alone

By Chris Welch@chriswelch  Mar 28, 2022, 12:17pm EDT

"This morning, I received a very blatant spam text offering me “a little gift” for supposedly paying my phone bill. Normally I’d groan, roll my eyes, and quickly delete such a thing, but there was something different about this particular message: it was spoofed as coming from my own phone number. As best my iPhone could tell, it was a legitimate message from me to myself. Tapping into the sender details took me to my own contact card.

Equally frustrating was that I had no obvious way of reporting the alarming spoof to my carrier, Verizon Wireless. Spoofed calls and texts are nothing new; most people face a constant deluge of spam calls that appear on caller ID as from a number similar to their own. But this was the first time I actually got something from my own number. These scammers keep getting more sophisticated.

Turns out I wasn’t alone. More than a few customers on Verizon reported getting similar spam from their respective numbers over the last few days — same for its MVNO Visible — and several Verge employees on other carriers have also encountered them. I posted an Instagram story about it and have gotten plenty of “same” responses. SMS phishing, or “smishing,” has been on the rise in recent years, but there’s something more disconcerting and invasive about it being linked to your own number. It’s all very “the call is coming from inside the house.”

https://www.theverge.com/2022/3/28/22999719/spam-texts-own-phone-number-verizon-att-tmobile

I found a similar thread on a pixel forum (https://support.google.com/pixelphone/thread/157394941/received-spam-text-from-myself?hl=en). I got the 'bill paid for March' one. Another thread suggested that the user's iCloud got hacked. I verified that no-one was signed in when the message was sent, or any other time around then. Given that its happening on android as well, and all these help threads are from within the last day or so, it seems like a new spam program. The android thread suggests contacting your carrier.

General response to all:

A couple of folks have posted a description of SMS spoofing, so that's the long version.

Short version. It's no different than email spoofing, where you get a spam message from someone you happen to know, but they didn't send it. The spammer spoofed the sender address to make it look like the email came from someone else.

SMS spoofing is the same thing, only for messaging. No, the messages did NOT come from your own phone. Neither your phone or your Apple account was hacked. The spammer spoofed your phone number as the sender. That's all.

Delete the spam and ignore it.

so its just spam scammers are able to send texts from whatever numbers they want its a smishing link (sms phishing) so dont click the link bc they can steal personal info it has to do with the carrier i have verizon and from what ive seen online its mostly verizon customers dealing with it you can report it to the FCC i think and the report is under “my phone number is being spoofed” theres nothing to worry about though just delete the text

Same thing happened to me today. It’s a text from my iMessage, as if it was not sent from my phone number but my email/Apple ID. *Something I noticed: in my Notification Center it displays as a 6 or 7 digit phone number. It wasn’t until I was in my iMessage App that it shows my contact / my thread with myself…

This happened to me today March 29th too. I had to creatively delete so that I did not open it. I have 2 factor authentication enabled too. I have Spectrum as my carrier. Are our iphones compromised? Can they steal identity info? This is a legal matter. Please answer us.

I just had the same occurrence. Really creepy spoofing going on it looks like.

Going to try and get to the Apple store this week-if I can.

in the meantime, Here is an article about this that was released yesterday.

https://www.theverge.com/2022/3/28/22999719/spam-texts-own-phone-number-verizon-att-tmobile

hope this helps.

And you can’t exactly block yourself if you like to text yourself links and ideas and things like that. So would really love to find a solution! But just wanted you to know that you are not alone! We got the text to sad face! Take care and if anybody else has any updates please share :-)

Spoofing can happen at any time to anyone. Using your phone number to text yourself is a new method to bypass defenses you have set up to make you follow the link. Your phone considers your phone number safe.

This will have to be blocked at the carrier level and should be done easily. The worry is that some people do text themselves and they will complain if they lose that ability. All spammers need is a range of numbers. They will make it appear that the text is legit by putting the same number in the To and From. This is also happening to Android folks according to some sites on the web. As long as you do not follow the link, you have nothing to be concerned about.

The bad thing is that you must block your own number to block the messages. I don't think anyone will be doing that.

A solution should be coming soon. Until then, report the bogus messages to your carrier or the FCC.

this happened to me 3/29/22 and 3/31/22. I sent apple an email to their report phishing email but never got a response. I don’t know how it’s possible either because i also have the 2 factor for logins.

Since you can't flag things like this as you can in an email, you instead block the caller. Sometimes the message spam comes in as a phone number, other times from an unknown email address. Either way, simply block that sender.

That doesn’t explain how someone can send this from MY phone number