Not Me

A screenshot of an iMessage thread between my account and an unknown Houston number. On the right side of the thread, a blue bubble containing a single character: "E". Marked Read by the recipient. Followed by a reply from the recipient's side: "Yo."

I did not send this message.

This is meaningfully different from everything else in this record. Every other entry in the storm — the hop-seeding openers, the phantom accounts, the bad-attacher PDF — documents inbound targeting. Someone is doing something to my number. The "E" is outbound. It went out of my own iMessage account. To a recipient I have no relationship with. Who replied as though they recognized the channel.

The set of mechanisms that produce an outbound iMessage I did not author is small. iMessage is bound to an Apple ID and runs only on devices currently signed into that Apple ID with two-factor confirmation. Outbound impersonation here implies one of:

• An Apple device I do not own or recall is signed into my Apple ID and authoring messages.
• My Apple ID credentials are in someone else's possession and they signed in on a device of their own.
• A device I once owned and gave away, sold, or lost remains signed into my account.
• A pairing I once authorized — a relay through a Mac, an iPad, an old phone — is still active and someone has access to it.

I have no recollection of authorizing the device that sent this. I have no relationship to the recipient. The recipient's "Yo" reads as a recognition of an expected channel, not a response to a misdirected character.

This is filed here as a single artifact. The audit work it implies — review of every device currently linked to my Apple ID, every recent sign-in, every paired Mac and iPad — belongs in the outbound-impersonation tactic entry and in the defensive techniques set, both of which will be filled in in turn.