Received a spam email from myself

Early this morning I received an email in my Junk from myself. Upon clicking on the “sender”, it appeared with my standard contact card which I use, which included all my information. The subject was titled “You’ve been hacked”. The email content was large and includes a random amount to be paid within 48hrs, the malware which has allegedly been used to monitor my actions for months, “Pegasus” and if not paid, explicit videos will be released to all of my contacts. Can anybody provide any light on how this may have happened?

Many thanks in advance



iPhone 11

Posted on May 10, 2024 2:15 AM

Question marked as Top-ranking reply

Posted on May 10, 2024 6:01 PM

Spammer spamming spam, and a functioning spam filter.


Delete the spam, and move on.


Email sending addresses are trivial to spoof, and the user’s own address can sometimes get past more spam filters.


Variations of these scam spams are common. Here’s an example from 2018 which includes hacked passwords*:

https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/


*this is also why password re-use is deadly, and why two-factor authentication (even by SMS) is helpful.

May 17, 2024 3:48 PM in response to Joseo

Joseo wrote:

thank you for your reply. So, is there a way to “clean” it? How did they get access to my Contact Card and Photo and “username”? And what does that mean?
I will appreciate your thoughts. Thank you!

There is no cleaning that needs to be done, just delete it. Your email address was just spoofed and is easily done by scammers to make it look like you. Your Contacts just recognized this address as yours. Nothing to worry about and is a common scam.

May 17, 2024 3:58 PM in response to Joseo

Joseo wrote:

thank you for your reply. So, is there a way to “clean” it? How did they get access to my Contact Card and Photo and “username”? And what does that mean?
I will appreciate your thoughts. Thank you!


I’m interpreting that to indicate that you might not yet fully realize how completely and utterly unreliable mail sender information is.


You know this case is a spoof, but it certainly worked wonders for your fear and your concern.


But this mess gets much uglier. Imagine you’re a finance person and a spoofed-sender email message from Your Big Boss arrives demanding your employers’ business—money that you hypothetically control—be transferred to [account], and you’ll hopefully now get some idea how some other scams here can work.


After the Yahoo security breaches years ago, I started receiving occasional mail messages from a friend. We’d exchanged a lot of mail over the years. That particular sender spoof was very easy to recognize though, as my friend had sadly died.


Again, you did not send this mail message, nothing here got hacked, and there’s nothing—beyond deleting this spoofed message—to clean up.


There are ways to somewhat reduce the exposure to these shenanigans, such as macOS Mail rules that detect and flag these cases, or by setting up signing and encryption for mail messages—but signing and encrypting is just not all that commonly used:


Here is how to: Use S/MIME to send and receive encrypted messages in the Mail app in iOS - Apple Support


Here are a very few examples of the common scams: Recognize and avoid phishing messages, phony support calls, and other scams - Apple Support


Jul 7, 2024 11:12 AM in response to Jackolfc1

Just in case, it's still best to download a trusted antivirus like Malwarebytes to stay safe on the web. Lastly, everything they say is fake. Do not reply and do not send money. This will give you more spam, probably from the same person that claims to be someone else, even when they say they will leave you alone. Your data hasn't been breached in a hack and nothing bad will happen.

Jul 7, 2024 11:32 AM in response to Techpro100

Techpro100 wrote:

just in case, it's still best to download a trusted antivirus like Malwarebytes to stay safe on the web…


The built-in anti-malware is the choice on iPhone and iPad, as no add-on apps can scan the iPhone or iPad.


Any attempts to scan are blocked by malware defenses.


Add-on apps can scan and collect network traffic though, but that’s the limit of their activities. And that re-routing and scanning can (like add-on VPN apps) cause network-related problems, as it is inherently intercepting network traffic.


Add-on anti-malware apps for macOS can scan, but the built-in anti-malware blocks attempts by the add-in anti-malware to corrupt macOS itself, as has been attempted by add-on anti-malware on various occasions. So-called false positives.


Add-on anti-malware on macOS isn’t particularly better than the built-in defenses either, but can be unnecessarily noisy, can sap performance and can add instabilities and crashes, and can itself act as malware.


Anti-malware can act as malware? One of the better-known and common anti-malware add-ons for macOS was caught and later fined for capturing and selling personally-identified web browsing and web purchasing data. (Had the vendor included that detail in the fine print, they’d probably have not had fines levied related to their personally-identified metadata sales.)


Performance degradation and stability problems are fairly common with add-on anti-malware apps, unfortunately. That’s when the add-on anti-malware isn’t itself difficult to distinguish from malware.


Recent macOS defenses against malware include the signed system volume, notarization and Gatekeeper, built-in scanning, and other features.



Folks that need end-point security or need network-level anti-malware detection aside, I’d tend to stay away from the add-on anti-malware apps. Too many of the add-in security vendors just look shady.


May 18, 2024 11:29 AM in response to Joseo

When viewing the Raw Source, those hops are listed from the closest to you on top, and the farther down you go in the list, the closer to the originator. They are not the actual address of the computer used; each is the router that passes the email along. The first one shows the Comcast router that passed the email to you, and the IP address is that of the router, not your IP address.


As far as setting rules to block these emails, in my experience it is never very effective when blocking by a sender unless you are constantly getting emails showing this address. It may be useful to block by content with keywords that you would never expect in a legitimate email. For example, the latest scam emails going around contain the word "pervert", which you would most likely not be getting from someone you know. Of course this rule would only block this one email scam and you may never get that one again.


In most cases it is just more efficient to delete and move on, instead of always trying to chase the ever-changing scam emails in an attempt to block them.
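As an added example (not part of any post in this thread): a short Python script that reads a message's raw source, lists the `Received:` hops in the top-down order described above, and flags a message whose From address matches its own To address while the receiving server's checks failed. It goes beyond the thread by reading the `Authentication-Results` header (RFC 8601) that many receiving servers add; the sample message, host names and addresses are constructed.

```python
import email
from email.utils import getaddresses, parseaddr

# Constructed sample (not from the thread); reserved example domains and IPs.
RAW = """\
Authentication-Results: mx.recipient-isp.example;
\tspf=fail smtp.mailfrom=user@example.com;
\tdkim=none; dmarc=fail header.from=example.com
Received: from mx.recipient-isp.example ([192.0.2.10])
\tby mailstore.recipient-isp.example; Fri, 10 May 2024 02:10:05 +0000
Received: from relay.unknown.example ([198.51.100.7])
\tby mx.recipient-isp.example; Fri, 10 May 2024 02:10:03 +0000
Received: from [203.0.113.55] (helo=localhost)
\tby relay.unknown.example; Fri, 10 May 2024 02:10:01 +0000
From: "User" <user@example.com>
To: user@example.com
Subject: You've been hacked

Constructed body text.
"""

def parse(raw):
    return email.message_from_string(raw)

def received_hops(msg):
    """Received headers, topmost (added last, nearest the recipient) first."""
    return [" ".join(h.split()) for h in msg.get_all("Received", [])]

def auth_results(msg):
    """method -> result pairs from Authentication-Results (RFC 8601)."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        for part in header.split(";")[1:]:  # first field names the checking server
            tokens = part.split()
            if tokens and "=" in tokens[0]:
                method, result = tokens[0].split("=", 1)
                results[method.lower()] = result.lower()
    return results

def looks_self_spoofed(msg):
    """True when From matches a To address but the receiving server's checks failed."""
    sender = parseaddr(msg.get("From", ""))[1].lower()
    recipients = {addr.lower() for _, addr in getaddresses(msg.get_all("To", []))}
    res = auth_results(msg)
    failed = res.get("dmarc") == "fail" or res.get("spf") in ("fail", "softfail")
    return sender in recipients and failed

if __name__ == "__main__":
    msg = parse(RAW)
    for i, hop in enumerate(received_hops(msg), 1):
        print(i, hop)
    print(auth_results(msg), looks_self_spoofed(msg))
```

Only an `Authentication-Results` header added by your own mail provider is meaningful, since any header below it can be written by the sender.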

May 18, 2024 10:41 AM in response to Mac Jim ID

Jim,

If I look at the headers of the ‘spoof’ email/s, by going to “View/Raw Source”, and there copy the address/es labeled as “Received: from” (snapshot follows for safety/security):

The emails have 4 of these with differing addresses, is using Rules a way to block them, and what would I block?: the dovdir’s, the dovback’s or the IP, or something else? What do you think?


Jul 7, 2024 12:10 PM in response to Techpro100

Techpro100 wrote:

I’m talking about PC.


PC is a whole different matter, and comparative discussions of Windows add-ons and Microsoft Defender antivirus / Endpoint / SmartScreen are probably best elsewhere.


Microsoft Windows takes a different approach toward system security than has Apple, as well.


Windows PC: https://www.microsoft.com/content/dam/microsoft/final/en-us/microsoft-brand/documents/MSFT-Windows-11-Security-guide-RWMvI1.pdf


(There are likely more detailed Windows security documents around.)


Apple platforms: Apple Platform Security - Apple Support


On a Windows PC, I’d likely run Defender, and not an add-on.


Yes we do know that scans from add-on apps will not work. It doesn’t matter because many add-on essential app tools can be fake. If any scam email pops up on PC, this is what I was explaining.


Yes, and though this thread is not PC, all platforms are undoubtedly getting the “pervert” spam, and variations. And add-on anti-malware won’t help with spam, or with scam and phishing messages.


This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.
