The other day I received a verification email from Apple notifying me of another email address associated with my Apple ID or account, also including a link to open the settings for checking. Since it wasn't me who added this email address, I immediately thought that some hacker violated my Apple account by adding his email address in order to manage and steal it.
Instinctively, I immediately clicked that link on the email and from the login page I entered the password to check and disable that new address that is not mine.
Well, if I had really done so, I would have handed over the house keys for that account directly to the hacker who sent me the fake email.
The right behavior was to open the Apple account site without clicking any link, log in to check that everything was in place and then, to feel comfortable, change the password with a new one.
What came to me was a phishing email, a scam that is sent to millions of people around the world, which allows cybercriminals to steal very valuable passwords and accounts rich in personal information.
In this article, we see what are the most common types of fake emails and how to clearly recognize a phishing message without a shadow of a doubt, quickly and easily .
READ ALSO: Recognize Email with viruses; 3 ways to infect a computer via email
Let's start with the example of verification emails
Trying to register a new Google or Gmail account you will receive a confirmation email, with a link to click only in case we didn't create it.
If such an email arrives, it means that someone has registered a new account with our email address.
I recently had a Netflix account associated with my email.
Usually, at the bottom of these emails there is a link that asks to be clicked in case we didn't register the account.
But how do we know that that link is good and does not lead to an infected or scammed web page "> Gmail brings up a red padlock, to highlight the security problem.
The red lock does not indicate that an email is a fake or a scam, but it can be a clue.
If the email says it comes from a bank or a major company like Google, Facebook or Apple and is not encrypted, it is 100% scam.
On the other hand, however, if an email is encrypted, it is not necessarily authentic.
Using a different email service to Gmail, if this information described above is missing, you need to find it by opening the message header.
Usually this header is found in the mail options menu.
In Gmail the option is called Show original, while in other services it can be called header or header of the message.
In this header you can read who sent the mail, that is from which mail server.
Regarding encryption, check that it is written (in the case of a message from a company and not from a friend):
Authentication-Results:
dkim =
spf =
SPF indicates by whom it is sent while DKIM tells us by whom it is signed.
Be that as it may, whenever an email arrives requesting to register on a site, register, change password, confirm identity or make interventions on a web account, never click a link, but rather, go directly to the site by manually writing it in a new tab.
Keep in mind that, if suddenly an unsolicited email arrives where a security threat is notified, a change or where any type of intervention on the account is requested, with a link to click, it is always a scam in the 100% of cases .
There is no doubt about this, because the only emails where you need to click on a confirmation link are sent only following a new account registration.
Certainly it can happen that someone uses our email address to register on a website, and even in this case you can ignore the email and click nothing or click where it says " if it wasn't you who signed up ... ".
In any case, in the page that opens you will never have to enter a password.
Second important thing to know is that if an email contains a strange request or it seems unbelievable, 100% is false .
In the example above, if someone had really entered my Apple account, the hacker would have first deleted my email address to prevent me from receiving warnings and then he would also have avoided entering his email address.
Finally, if you want to verify that a link in an email is good, use the following site and link checking services to find out if they are dangerous before clicking them.
