Yes really, this is no joke and could be evidence of a security problem.
I live in France. My iPad (mini 2 - 12.5.8) is connected to our home network, it has no cell phone connection. Since late March it has been receiving text messages from a telephone number in the Melbourne area of Victoria State, Australia. Those messages do not show up on my iPhone nor in the Messages app on my iMac. The message that I refer to in the subject is:
“Can I have a double cheeseburger in your way home pretty please”
Others are more serious such as:
“Hi, this is a reminder, your interest only home loan/s payment is due soon.
Ensure sufficient funds are in the linked account/s by 5pm (AEST/AEDT) on
31/03/2026 to cover the payment amount. Debit interest of 20% p.a may
apply on any overdrawn amount on your Transaction Account. If there’s
sufficient funds, you don’t need to do anything. Thanks, NAB”
My concern is that this suggests that text messages can leak from a phone and that these might include sensitive information. How can this happen? Perhaps this bug has been eradicated. I do hope so. Any ideas?
No, text messages don’t “leak” from phones to other phone numbers. And the caller ID (that claims it’s from Australia) is easily forged. Someone is sending these messages to you, probably via the iMessage network.
These messages are complete scams. The idea is to get you to reply (maybe to let them know they have the wrong number), at which point, you are asked to call some phone number (customer service, perhaps) to straighten out the problem. At some point, you’re asked to provide payment information and other sensitive information and then the real attacks begin.
You might also take a look at your Messages settings on your iPad. You may have it set to receive messages from an email address that isn’t important, so you might be able to disable that particular account.
Good chance that’s it. I know that for some reason one of my email addresses occasionally goes from being unchecked to checked in the list of accepted ways to receive iMessages.
Many thanks. My iPad doesn’t have a SIM so can, I believe, only receive iMessages direct. Apple Support advises:
If someone sends a message to your email address or phone number using iMessage, you receive the message on all your Apple devices that are set up to receive messages sent to that email address or phone number.
There is only one email address on my iPad that is not also available on my iPhone and iMac. So far those two have not received any ‘Australian’ messages. This suggests that the ‘caller’ has found an old address that I use rarely. To confirm your solution I’ll make the ‘missing’ address available on my iPhone too. Once confirmed by the receipt of ‘Australian’ messages I’ll turn it off everywhere.
As to replying, I have no intention of doing so although some of the messages are quite amusing. Fortunately my wife has learnt to check any reply buttons in her emails as we both get scam emails frequently. Some while back my Asustor NAS was attacked by locking the file extensions, fortunately the Mac extensions were not locked. Maybe I’ll regress to hard copy or voice only.
That sounds like a logical conclusion. Spammers frequently buy mailing lists from each other, and they usually don’t care if the addresses they buy are outdated, unused or even invalid.
The replies already posted seem to solve the question sufficiently. I will add my experience for comparison.
One of my email addresses is just my name @ mac.com. I got this long ago when Apple created iTools. It is sort of a unique historical artifact, plus I have never seen any reason to get rid of it. Just saying the address is not a throwaway.
My name is neither common nor unusual. I live in the US. Individuals with the same name are scattered across the US. Family legend says we are descended from one of three brothers who landed at Philadelphia sometime in the 1700s. The origin of the brothers is not included in the family stories. Recently I discovered a web site that summarizes the physical locations of origin of searches for ancestors with my family name. The preponderance of searches, suggesting the most people now, and the most likely origin of the three brothers 300 years ago, is a small region along the coast of a European country.
Many, perhaps most, of the junk emails I have received for 30 years seem to be from sources that guess my name @ mac.com is the address of a person, often in the putative region of my family origin. Some are from banks or businesses, some social. Looking up the location of the banks or businesses confirms they are in the region of interest.
I have never responded nor made any effort to correct this misdirected correspondence. Eventually it stops. Then later, I assume when someone with the same name as mine does something like meeting new friends or registering with a new organization, somewhere the wrong email address is entered and the wrong email starts again.
The weird emails I have received seem explained by innocuous mistakes on the part of the sender(s). In relevance to the original topic, I wonder if somebody somewhere in Australia is still waiting and hoping for a cheeseburger, not giving thought to what a long way home it is from France. A person who signs up for a home loan at 20% interest might also be unreliable in providing a correct email address for contact information.
I suspect your erroneous emails are not necessarily malicious, nor indicative of bugs in the system. More likely they are the product of normal human error.
I have an email address at a major provider that is short (similar to abcd@bigISP.com). It picks up a lot of “random” use. My least nefarious explanation is people who don’t want to give out their real address for retailer coupons, free downloads, discount codes that require signing up for a mailing list, and other single time promotions type a few characters at random and pick the first domain name that pops into their head. These are annoying but are more of a nuisance than a threat to my mind.
From there, the reasons get worse and worse. It could be anything from fraudulent purchases to identity theft. The common thread is a need (say, making a hotel reservation with a stolen credit card or activating a burner cell phone…yes, I’ve had emails for these) to hide one’s real identity and contact details. Scammers have many sources for live email addresses: scraping websites, especially community organization sites run by volunteers, searching social media, stealing online address book entries…the list truly is endless.
I suspect more than a few of us “old timers” fall into similar circumstances. In my case, I have a few ancient accounts of the form lastname-at-domain-dot-com or firstinitial-lastname-at-domain-com. In the Department of Probably Innocent Mistakes, there are a couple of people with the same first-initial-last-name combination who sign up for various services from time to time using my email address. Probably, they just left off a character or a digit when filling in their email addresses. Usually, if the service is something important, like a bank account, I notify their banks immediately, and their banks handle the situation.
There have been a few times when I haven’t been able to get a satisfactory response from the service, and I’ve used my address to login and change the password to the service, even though the ethics of that arguably may be a little dodgy. I regard it as protecting my identity on the Internet.
