A friend recently told me that he had received a confirmation email from Apple saying that a new email address had been added to his Apple ID. He knew he had not added any email address, and when he logged into his Apple account, no email address other than his own was displayed.
My friend wanted to know whether it was a phishing email or a legitimate one that Apple had sent to him by mistake. It turned out to be a fake email that tried to get users to click a link and enter their Apple ID credentials. Luckily, my friend didn't click the link, but instead opened his browser, typed in iCloud.com, and signed in that way.
Even though my friend received a phishing email, not all confirmation emails are fake. In this article, I'll show you how to find out whether an email is fake or not, and the best way to verify your account if you're not sure.
Verification emails
Even though I am an IT guy and a computer fanatic, some emails still fool me. For example, when I first received this email from Google, I was worried that someone was trying to hack my account.
The wording of this email sounds as if someone created a new email account and somehow linked it to my account. Could they try to recover my password and have it sent to this new email address? I was not sure, so I clicked on the link at the bottom, which says that if you didn't create this email address, you can disconnect it from your account.
I probably shouldn't have clicked the link in the email, since at that moment I really didn't know whether it was from Google or not. Luckily for me, it was, and the email turned out to be harmless. Usually, when someone creates a new Gmail account, they have to add a backup email address, which is sometimes misspelled and therefore ends up with the wrong person. In any case, you should be careful before following any link in such emails.
How to verify an email
To verify the authenticity of an email, you should check the sender's address as well as the email header. How easily you can tell a real email from a fake one also depends on your email client. I'll explain in more detail below.
For example, in the screenshot above, you can see that the email was sent from mail-noreply@google.com. That should confirm that the email is indeed from Google, right? It depends. If someone sets up a rogue mail server, they can send a fake email with any@google.com as the sending address. But while that part can be spoofed, the rest cannot.
So how do you check whether an email was actually sent by the real source and not by someone else? Simply put, you check the email header. This is where the email client comes into play. If you are using Gmail, you can very quickly check the source by clicking the Show Details arrow right below the sender's name.
The important fields are mailed-by, signed-by and encryption. Since google.com appears in both the mailed-by and signed-by fields, the email really is from Google. Any email that purportedly comes from a bank or large company should always contain the mailed-by and signed-by fields. A visible mailed-by field means the email passed SPF authentication. A visible signed-by field means the email was signed with DKIM. Finally, an email will almost always be encrypted if it is sent by a large bank or company.
While these fields confirm that the email was authenticated, you need to make sure it was authenticated by the same company that allegedly sent it. For example, since this is an email from Google, both fields should say google.com, which they do. Some spammers are clever and sign and authenticate their own emails, but not in the name of the real company. Let's look at an example:
As you can see, this email is allegedly from ICICI Bank, but the email address immediately casts doubt on its authenticity. Instead of anything related to the bank's name, the domain seajin.chtah.com is used, which looks a lot like spam. The email has mailed-by and signed-by fields, but again, they do not show the bank's domain. Finally, the email is not encrypted, which is again highly questionable.
Here's another email that has a mailed-by field and was encrypted, but it's definitely not from Microsoft. As you can see, the domain is not microsoft.com but some unheard-of domain. When checking emails, always make sure that the sending email address belongs to the company you think it belongs to, e.g. any@paypal.com, and that the mailed-by and signed-by domains match the last part of that email address, such as paypal.com.
Let’s look at another example that can be a little confusing.
I have an email from Actiontec, but it was sent via actiontecelectronics.onmicrosoft.com. It is also signed by actiontecelectronics.onmicrosoft.com and is encrypted. In this case, it means the email is being sent by a third-party email service, which may not necessarily be authenticated. Here, the company uses Office 365 for its corporate email, and therefore the email is sent from that domain.
Although the above email is legitimate, the information in the header does not guarantee its safety. Your best bet here is to make sure the third-party email service is also a large, reputable company. In this case, it's Microsoft. Finally, if someone really is trying to spoof another email address, Google will probably let you know and warn you like this:
Or something like this:
If you ever receive any of these alerts, it's best not to trust the email at all. You might be wondering what to do if you are not using Gmail and are not viewing the email in a browser. In such cases, you need to view the full email header. Just google the name of your email provider followed by "view email header". For example, searching for "Outlook 2016 view email header" gives you instructions for that client.
After that, you will want to find the following pieces of text under the "Authentication-Results" header:
spf=pass
dkim=pass
The spf line is the equivalent of the mailed-by field in Gmail, and dkim is the equivalent of signed-by. It should look something like this:
Again, even if both items say pass, you need to make sure the domain is the real one and not a fake one that a spammer might be using. If you'd like to learn more about Gmail email authentication, follow the links below:
https://support.google.com/mail/answer/180707?hl=en
https://support.google.com/mail/troubleshooter/2411000?hl=en&ref_topic=3395029
https://support.google.com/mail/answer/1311182?hl=en
After testing several services, this is also why I prefer Gmail to other email clients, and why I specifically use the web interface: it provides many more layers of protection that you would not otherwise get.
Finally, you should make it a habit to open a browser and visit a website manually, rather than clicking a link in an email. Even if you know the email is safe, this is a surefire way to make sure you are not visiting a fake website. If the email contains a link you need to click, be sure to check the URL in your browser's address bar before entering any login details or other sensitive information. If you have any questions, feel free to comment. Enjoy!