Emails purporting to be from me ?

Has anyone else received an email purporting to be from me ?
The subject was “employees needed” and the thing seemed to be some phisher trying to get people to click the link.

I had a very odd happening this morning. I got this email.

From myself :stuck_out_tongue:
Thing is that it’s NOT from me.
We’re not looking for employees and it definitely wouldn’t come from me :slight_smile:

The raw email shows it was sent from outside - someone on ngi.it

I have emailed the relevant postmaster & security admin

I am wondering if anyone else received this email from me OR if anyone else has had one sent to themselves from themselves.

I wonder if there’s any link to this? https://forum.xojo.com/33374-xojo-job-at-west-point

Doesn’t seem to be but I dont have the email that Dave received to compare the raw headers

I just examined the raw headers in the email I mentioned, and it does seem to have been processed by the mail servers at INDEED.COM (a legit job board)

It’s very common to get emails from someone you know or have had contact with, but it’s not that common that they are from and to the same person. Probably a lazy spam dev forgot to check for that condition. I’ve gotten emails from my sister more than once that she didn’t send.

Yahoo, Outlook, and Hotmail are the worst about this. Hotmail not so much anymore though. There have apparently been many hacks or breaches where spammers have gotten hold of address book info. There used to be a number of malware hacks that would steal address books from Outlook.

Anyway, I wouldn’t say it was all that strange unless the email was well done. One thing all these emails have in common is they are all obviously fake. Same thing with those dumb linked in emails except people apparently allowed access to those address books.

I get Emails from me from my work account, to my work account often, but I never open them so i have no clue where they are coming from.

  • Karen

OK well it seems no one but me got the email from me

no one here. Hackers will use harvested email addresses broadly. You were probably just a validation test. My address was used for a while. I received a few angry complaint mails about it. Some time before, I received a bogus mail from myself.

The good news is, it seems to have stopped. I have not heard anything for a while. Regardless, I am now in process of using several email addresses: one for business, one for personal use, and one disposable for subscriptions and public facing. My real addresses will be at lesser risk.

Do you actually mean from “Me”. I ask because I quite often get emails from my actual email address that I have never sent to myself. I am loath to mark them as Spam as this could be the wrong thing to do. However, I never click links or open attachments.

I only find emails from me in my spam folder - and they get deleted without opening. I wonder why spammers seem to love sending from the recipient?

The email address is spoofed on a mail server that is not configured properly. What happen is this improper config (vulnerability) allows email spoof to be send to the same domiain, the easiest of which is the sender’s own email address, eg abc@mydomain.com to abc@mydomain.com when the spammer knows for sure that abc@mydomain.com is a valid email address.

This happened to me once before and I complained to my webhosting company. They did some changes and corrected the vulnerability.

You know you can open whatever link or attachments as long as you don’t run the EXE file

Just trash the things. I have seen some VERY strange attachments, including one .pdf that was just a huge pile of scripting commands. Also, depending on how your system is set up to display files, MyInnocentPDF.pdf.exe can appear as MyInnocentPDF.pdf. There are always new exploits - graphics files, html files, who-kows-what.

True. Not only that but depending on platform and exploits, opening a web link may have unintended results (including automated download of files, prompt for installation of software, etc.).

Not clicking on links is always the smart move with Spam, unless you’re testing from a very closed and isolated platform (like unjailbroken iOS, and even then there’s been web-based exploits in the wild in the past).

HOVERING over the links is always a smart move, though. It’s the fastest way to remove any doubt about whether an email is spam or phishing, as the hovered domain will never be the one that the email is purportedly being sent from (and, even then, remembering how easy was to mistake paypaI.com with paypal.com, even after hovering clicking shouldn’t really be an option).

Good sites don’t force you to click anything, so if the email is legit just to go the website and enter normally. Whatever needs to be done should be doable from there.

For my home email account I always run MailWasher first, which downloads and shows the headers ( to/from/subject ) and lets you select mails then delete them straight off the server. Anything I don’t recognise gets clobbered.

I’m thinking of writing a program to do that, just for fun.

They already did, it’s called a normal spam filter. :stuck_out_tongue:

OH CRAP. I hope my former boss has a sense of humor and will re-hire me :frowning:

Not the same thing at all. :stuck_out_tongue:

It’s not. It’s more like a specialized, remote-only client.

I used to do this with Pine, where I’d use it to log remotely and do basic maintenance before downloading stuff locally. At the time my reasons were bandwidth and being a bit obsessive about some things, but the functionality still applies.

I’ve long thought a good tool nobody seems to have developed is a mail automation engine that runs on its own. Long have we had these automation engines and add-ons in fully-fledged email clients (Mail.app, Outlook, etc.) but with the advent of mobile and web email clients the functionality usually ranges from limited (Gmail’s and Outlook.com are pretty complete) to inexistent and some people even have purchased and implemented add-ons that manage a lot of their inboxes for them.

In Smartphones all this functionality is usually inexistent (and, where it does, it’s pretty limited). Having an app that runs in your home massaging your mailboxes to me is very attractive. I had even though it could make sense to have it be a Raspberry Pi (since running it in a full PC means you’d probably be better off running the normal mail.app client you’d use otherwise).

Nowadays having my mail.app open in my home, applying rules and automations, is pretty much the only reason I keep my Mac on all the time (other things like my Plex and Ubooquity servers, file synchronisation and downloaders, online back-up tools and general home-servers are handled by other dedicated systems, like raspberries or the Synology NAS).

Incidentally, this thread has probably gone off-topic. I think this is an interesting project but it’s probably important to continue it in a new thread.