因此,一位朋友最近告诉我,他们收到了一封来自Apple的验证电子邮件,称他们的(Apple)Apple ID中添加了一个新的电子邮件地址。该人知道他们没有添加任何电子邮件地址,并且当他们登录到他们的Apple帐户时,除了他们自己的电子邮件之外,没有其他电子邮件出现。
这位朋友想知道这是一封网络钓鱼电子邮件,还是合法的,但被Apple错误地发送给了他们?好吧(Well),它最终变成了一封假电子邮件,试图让用户点击一个链接,以便他们输入他们的Apple ID凭据。幸运的是,这位朋友没有点击该链接,而是打开了他的浏览器并输入了 iCloud.com 并以这种方式登录。
即使这位朋友收到了网络钓鱼电子邮件,但并非所有验证电子邮件都是假的。在本文中,我将向您展示如何判断电子邮件是否是假的,以及在您不确定时检查您的帐户的最佳做法。
验证电子邮件
尽管我是一名 IT 人员和计算机爱好者,但我自己仍然会被一些电子邮件欺骗。例如,当我第一次收到来自Google的这封电子邮件时,我担心有人试图侵入我的帐户。
这封电子邮件的措辞听起来像是有人创建了一个新的电子邮件帐户并以某种方式将其链接到我的帐户。然后他们可以尝试恢复我的密码并将其发送到这个新的电子邮件地址吗?我不确定,所以我点击了底部的链接,上面说如果你没有创建这个电子邮件地址,那么你可以取消它与你的帐户的链接。
我可能不应该点击电子邮件中的链接,因为当时我真的不知道它是否来自Google。对我来说幸运的是,它是并且电子邮件是无害的。基本上(Basically),当有人创建一个新的Gmail帐户时,他们必须添加一个辅助邮箱地址,该地址有时会被输入错误并因此发送给错误的人。无论如何,在点击此类电子邮件中的任何链接之前,您都必须保持警惕。
如何检查电子邮件(Email)是否真实
为了验证电子邮件的真实性,您必须查看发送电子邮件地址以及电子邮件标题以确保安全。区分真实电子邮件和虚假电子邮件的能力还取决于您的电子邮件客户端。我将在下面进一步解释。
例如,在上面的屏幕截图中,您可以看到电子邮件是从[email protected]发送的。这应该确认该电子邮件确实来自Google,对吗?这要看情况。如果有人设置了一个流氓电子邮件服务器,他们可以发送一封伪造的电子邮件,该电子邮件可以将发送地址显示为[email protected]。即使他们可以伪造这一方面,其余的却无法伪造。
那么,您如何验证电子邮件实际上是从真实来源而不是其他人发送的呢?简单来说,您检查电子邮件标题。这也是电子邮件客户端发挥作用的地方。如果您使用的是Gmail ,只需单击发件人姓名正下方的“显示详细信息”(Show Details)箭头,即可快速验证来源。
重要的部分是邮寄者( mailed- by)、签名者( signed-b)和加密(encryption)。由于这两个字段都显示为google.com,因此该电子邮件确实来自Google。对于声称来自银行或大公司的任何电子邮件,它应该始终具有邮寄者(mailed-by)和签名者(signed-by)字段。可见的邮寄者字段表示电子邮件已通过SPF 身份验证(SPF-authenticated)。可见的签名者字段表示电子邮件是 DKIM 签名的。最后,如果从主要银行或公司发送电子邮件,几乎总是会被加密。
即使这些字段确保电子邮件经过验证,您也需要确保它是由假定发送它的同一家公司验证的。例如,由于这封电子邮件来自Google,它应该为这两个字段显示 google.com,它确实如此。一些垃圾邮件发送者已经变得聪明了,他们签署并验证了他们自己的电子邮件,但它与实际的公司不符。我们来看一个例子:
如您所见,这封电子邮件应该来自ICICI银行,但该电子邮件地址会自动对电子邮件的真实性产生怀疑。域名是 seajin.chtah.com,而不是与银行名称相关的任何内容,听起来很垃圾。该电子邮件确实具有邮寄者和签名者字段,但同样,它不是银行域。最后,电子邮件没有加密,这又很阴暗。
这是另一封电子邮件,其中有一个邮寄者字段,并且已加密,但肯定不是来自Microsoft。如您所见,该域不是Microsoft.com,而是一些闻所未闻的域。验证电子邮件时,请始终检查发送电子邮件地址是否来自您认为来自的公司,即[email protected],并且 邮寄(mailed-by)和签名(signed-by)来自电子邮件地址的后半部分,即paypal.com .
让我们再看一个例子,这可能有点令人困惑。
在这里,我有一封来自一家名为Actiontec的公司的电子邮件,但它是VIA actiontecelectronics.onmicrosoft.com。它还由 actiontecelectronics.onmicrosoft.com 签名并已加密。在这种情况下,这意味着该电子邮件是由第三方电子邮件服务发送的,它不一定是经过身份验证的。在这种情况下,公司将Office 365用于他们的公司电子邮件,这就是从该域发送电子邮件的原因。
尽管上述电子邮件是合法的,但标头中的信息并不能保证该电子邮件是安全的。您最好的选择是确保第三方电子邮件服务也是一家信誉良好的大公司。在这种情况下,它来自Microsoft。最后,如果有人真的想伪造另一个电子邮件地址,谷歌(Google)可能会告诉你并给你这样的警告:
或者是这样的:
如果您收到任何这些警告,那么您根本不应该相信这些电子邮件。您可能想知道如果您没有使用Gmail并且没有在网络浏览器中查看电子邮件,该怎么办?好吧,在这些情况下,您必须查看完整的电子邮件标题。只需谷歌(Just Google)您的电子邮件提供商名称,后跟“查看电子邮件标题(view email header)”。例如,Google Outlook 2016 查看电子邮件标头(Outlook 2016 view email header)以获取该客户端的说明。
完成此操作后,您希望在Authentication Results标题下搜索以下文本:
spf=pass
dkim=pass
spf 行相当于Gmail中的 mailed-by 字段,dkim 相当于signed-by。它应该看起来像这样:
同样,即使两个项目都有PASS,您也需要确保它是针对真实域的,而不是垃圾邮件发送者可能使用的假域。如果您想详细了解Gmail中的电子邮件身份验证,请查看以下链接:
https://support.google.com/mail/answer/180707?hl=en
https://support.google.com/mail/troubleshooter/2411000?hl=en&ref_topic=3395029
https://support.google.com/mail/answer/1311182?hl=en
在测试了多项服务之后,这也是我坚持使用Gmail而不是其他电子邮件客户端的原因,也是我特别使用 Web 界面的原因,因为它提供了更多的保护层,否则您将无法获得。
最后,您应该养成使用浏览器手动访问网站而不是单击电子邮件中的链接的习惯。即使您知道电子邮件是安全的,这也是一种确定您没有访问某些恶搞网站的可靠方法。如果电子邮件中有必须点击的链接,请确保在输入任何登录详细信息或其他敏感信息之前检查浏览器地址栏中的URL 。如果您有任何问题,请随时发表评论。享受!
How to Tell if an Email is Fake, Spoofed or Spam
So a friend recently told me that they got a verіfication email from Apple ѕtating that a new email addrеss had been added to their Apple ID. Τhe person knew that they didn’t add any email address аnd whеn they logged into their Applе account, no other email other than their own wаs showіng up.
The friend wanted to know whether this was a phishing email or was it legitimate, but sent to them incorrectly by Apple? Well, it ended up being a fake email that was trying to get the user to click on a link so that they would enter their Apple ID credentials. Luckily, the friend didn’t click the link, but instead opened his browser and typed in iCloud.com and logged in that way.
Even though this friend received a phishing email, not all verification emails are fake. In this article, I’ll show you how you can tell whether the email is fake or not and the best practice for checking your account if you’re not sure.
Verification Emails
Even though I’m an IT guy and overall computer geek, I still get spoofed by some emails myself. For example, the first time I got this email from Google, I was worried someone was trying to hack into my account.
The wording of this email makes it sound like someone created a new email account and somehow linked it to my account. Could they then try to recover my password and get it sent to this new email address? I wasn’t sure, so I clicked on the link at the bottom, which states that if you didn’t create this email address, then you can unlink it from your account.
I probably shouldn’t have clicked the link in the email since I didn’t really know at that moment if it was from Google or not. Luckily for me, it was and the email was harmless. Basically, when someone creates a new Gmail account, they have to add a recovery email address, which sometimes gets mistyped and hence sent to the wrong person. In any case, you do have to be vigilant before clicking on any link in these types of emails.
How to Check if an Email is Authentic
In order to verify an email as authentic, you have to look at the sending email address and also the email header to be really safe. The ability to distinguish between a real email and a fake one also depends on your email client. I’ll explain further below.
For example, in the above screenshot, you can see that the email was sent from [email protected]. This should confirm that the email is really from Google, correct? Well, it depends. If someone sets up a rogue email server, they can send a fake email that can show the sending address as [email protected]. Even though they can fake this aspect, the rest cannot be faked.
So how do you verify that an email is actually being sent from the real source and not someone else? In simple terms, you check the email header. This is also where the email client comes into play. If you are using Gmail, you can verify the source very quickly by simply clicking on the Show Details arrow directly below the name of the sender.
The important sections are mailed- by, signed-by and encryption. Since it says google.com for both of these fields, the email is truly from Google. For any email that claims to come from a bank or big company, it should always have the mailed-by and signed-by fields. A visible mailed-by field means that email was SPF-authenticated. A visible signed-by field means the email was DKIM-signed. Lastly, the email will almost always be encrypted if sent from a major bank or company.
Even though these fields ensure the email was verified, you need to make sure it was verified by the same company supposedly sending it. For example, since this email is from Google, it should say google.com for the two fields, which it does. Some spammers have gotten smart and sign and verify their own emails, but it won’t match the actual company. Let’s take a look at an example:
As you can see, this email is supposedly from ICICI bank, but the email address automatically casts doubt on the authenticity of the email. Instead of anything related to the bank name, the domain is seajin.chtah.com, which is very spammy sounding. The email does have the mailed-by and signed-by fields, but again, it’s not the bank domain. Lastly, there is no encryption on the email, which is very shady again.
Here’s another email where there is a mailed by field and it was encrypted, but is certainly not from Microsoft. As you can see, the domain is not Microsoft.com, but some unheard of domain. When verifying emails, always check that the sending email address is from the company you believe it is from, i.e. [email protected] and that mailed-by and signed-by are from the latter part of the email address, i.e. paypal.com.
Let’s look at one more example, which can be a little confusing.
Here, I have an email from a company called Actiontec, but it is VIA actiontecelectronics.onmicrosoft.com. It’s also signed by actiontecelectronics.onmicrosoft.com and has been encrypted. In this case, it means that the email is being sent by a third-party email service, which can’t necessarily be authenticated. In this case, the company is using Office 365 for their company email and that’s why it’s being sent from that domain.
Even though the above email is legitimate, the information in the header does not guarantee that the email is safe. You best option here is to make sure the third-party email service is also a large reputable company. In this case, it’s from Microsoft. Lastly, if someone is really trying to fake another email address, Google will probably be able to tell and give you a warning like this:
Or something like this:
If you ever get any of these warnings, then you shouldn’t trust the emails at all. You might be wondering what to do if you’re not using Gmail and if you’re not looking at the email in the web browser? Well, in those cases, you have to view the full email header. Just Google your email provider name followed by “view email header“. For example, Google Outlook 2016 view email header to get instructions for that client.
Once you do that, you want to search for the following pieces of text under the heading Authentication Results:
spf=pass
dkim=pass
The spf line is equivalent to the mailed-by field in Gmail and dkim is equivalent to signed-by. It should look something like this:
Again, even if both items have PASS, you need to make sure it’s for the real domain, not the fake one the spammer may be using. If you want to read more about email authentication in Gmail, check out these links below:
https://support.google.com/mail/answer/180707?hl=en
https://support.google.com/mail/troubleshooter/2411000?hl=en&ref_topic=3395029
https://support.google.com/mail/answer/1311182?hl=en
After testing multiple services, it’s also the reason why I stick with Gmail over other email clients and why I specifically use the web interface because it provides many more layers of protection that you otherwise wouldn’t get.
Lastly, you should make it a habit of going to the browser and manually visiting a website rather than clicking on the link in the email. Even if you know the email is safe, it’s a sure-fire way of knowing you’re not visiting some spoof website. If there is a link in an email that must be clicked, make sure to check the URL in the address bar of your browser before you enter any login details or other sensitive information. If you have any questions, feel free to comment. Enjoy!
