Getting a "note to self" email you didn't send is a common extortion or phishing scam. Scammers use a technique called spoofing to manipulate the "From" field, making it look like the message came from your own account to scare you into thinking you've been hacked.


Scam Variations

  • Sextortion: The sender claims to have recorded you via your webcam while you were watching adult content.
  • Account Breach: They claim to have installed malware (like "Pegasus") on your device and demand a ransom in Bitcoin to prevent leaking your data.
  • Service Updates: Some look like legitimate notifications (e.g., Netflix or TV Licensing) but are sent from "you" to bypass spam filters.

Verify it's a Fake

  1. Check your "Sent" folder: Since these are spoofed from external servers, the email will not appear in your actual sent items.
  2. View Message Source: In Outlook or Gmail, you can use "View Original" or "Message Source" to see the real sender's IP address and the actual sending address hidden behind the spoofed "From" field.
  3. Look for "Unverified" Banners: Modern email clients often flag these spoofed messages with a warning because they fail security checks like SPF or DKIM.
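
The checks in steps 2 and 3 can be run over the raw message source. The following is an added example, not part of the original article: the sample message, its addresses, hosts and IPs are constructed, and the `analyze` function is a hypothetical helper that reads the headers your own provider stamped on the message.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample of what "View Original" / "Message Source" shows for a
# spoofed note-to-self (example.* domains and a documentation IP range).
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (unknown [203.0.113.45])
\tby mx.example.com with ESMTP id abc123
\tfor <alice@example.com>; Tue, 02 Jan 2024 10:00:00 +0000
Authentication-Results: mx.example.com;
\tspf=fail smtp.mailfrom=mailer.example.net;
\tdkim=none
From: Alice <alice@example.com>
To: alice@example.com
Subject: Your device has been compromised

Pay in Bitcoin.
"""

def analyze(raw):
    """Summarise the headers that reveal a spoofed self-addressed message."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    to_addr = parseaddr(msg.get("To", ""))[1].lower()
    envelope = parseaddr(msg.get("Return-Path", ""))[1].lower()
    # The topmost Received header is the one added by your own mail provider.
    received = msg.get_all("Received") or [""]
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[0])
    # Only the topmost Authentication-Results (your provider's) is trustworthy.
    auth = msg.get("Authentication-Results", "").lower()
    results = dict(re.findall(r"\b(spf|dkim)=(\w+)", auth))
    no_pass = "pass" not in results.values()
    mismatch = envelope.rpartition("@")[2] != from_addr.rpartition("@")[2]
    self_addressed = bool(from_addr) and from_addr == to_addr
    return {
        "self_addressed": self_addressed,
        "envelope_sender": envelope,   # the "hidden" address behind From
        "sending_ip": ip.group(1) if ip else None,
        "auth": results,
        "likely_spoofed": self_addressed and (no_pass or mismatch),
    }

if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key}: {value}")
```
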

What to Do

  • Do NOT pay or reply: Responding confirms your email is active, making you a target for more spam.
  • Mark as Spam/Junk: This helps train your email provider's filters to catch similar spoofs in the future.
  • Secure your account: If you're worried, change your password and ensure Two-Factor Authentication (2FA) is enabled for peace of mind.
  • Report it: You can report these scams to the Federal Trade Commission (FTC).