I got a junk (and aggressive, a bit threatening) scam email where the sender spoofed one of my iCloud aliases (that I never use) as both the sender and the recipient. How do they do that? Do they pick up the alias on the dark web (like everything else) or has my Apple iCloud account been compromised? The content of the email was very generic and meant to frighten someone into sending money.