I recently switched my mail/domain from Google to Namecheap. I’ve been keeping a critical eye on my junk mail as the spam filtering doesn’t seem as good.

I saw a neat scam email from my own email address. It was the usual “I am a hacker give me money” nonsense but the trick with them using my own email address is pretty neat. I assume they’ve injected some sort of common replace string?

Just curious if anyone knows the trick here.

Update: followed the advice most of you have provided and spam mail has gone way down as a result. Leaving post here for the next poor sod who runs into these problems. Maybe Google will lead folks here instead of reddit.

Thank you kind strangers.

  • thanks_shakey_snake@lemmy.ca
    10 months ago

    Or the “hacker” is an automated script (…which is probably pretty stupid, to your point), as the vast majority of attacks are.

    If it’s more like a spearphishing-to-impersonate attack -- i.e. a specific individual is being targeted -- then yeah, it’d be important to avoid detection. They wouldn’t do that unless they are extremely bad at their task.

    But most attacks are fairly coarse attempts at exploiting a rather glaring security hole against a large number of targets, and their goal might not be what you’d think… Like for example “iterate through this list of 100,000 sites, see if they’re using [some vulnerable framework], and see if they still have the default admin password.” The attacker doesn’t care about being foiled by any one victim, because (for example) their goal is to collect accounts that are:

    a) Unmonitored by their owners, and;

    b) Able to send and receive emails

    Is that scenario more likely than FROM address forgery? No. Is that scenario “not a possibility at all?” Also no.