Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Blueser100

macrumors newbie
Original poster
Oct 11, 2022
24
7
CA
I got a junk (and aggressive, a bit threatening) scam email where the sender spoofed one of my iCloud aliases (that I never use) as both the sender and the recipient. How do they do that? Do they pick up the alias on the dark web (like everything else) or has my Apple iCloud account been compromised? The content of the email was very generic and meant to frighten someone into sending money.
 
one of my iCloud aliases (that I never use) as both the sender and the recipient. How do they do that? Do they pick up the alias on the dark web (like everything else)
Yup. If you’ve ever used it, they’ll find it… or where (web site, service, etc) you have used it, sold it. Or spammer randomly generated it and got lucky.
 
where the sender spoofed one of my iCloud aliases (that I never use) as both the sender and the recipient. How do they do that?
Look at the sender address very closely. Are they sending from @ icloud, or is it actually @ Lcloud?

(the L is lowercase to look like the letter I, so you see the sender's domain as @ lcloud instead of @ icloud)
 
  • Like
Reactions: EedyBeedyBeeps
Unfortunately I dumped the email already. But it sure looked like "icloud" but it sure could have been a lowercase L. That would explain a lot. I don't use this email address or any associated aliases anymore, if at all.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.