Haddaba saaxiib ayaa dhawaan ii sheegay in ay Apple ka heleen email xaqiijin ah oo sheegaya in ciwaan cusub lagu soo daray Apple ID . Qofku waxa uu ogaa in aanay ku darin wax ciwaan ah oo marka ay gasho akoonkiisa Apple , ma jiro email kale oo aan iyaga ahayn oo soo baxay.

Saaxiibku waxa uu rabay in uu ogaado in tani ay tahay iimaylka phishing-ka ama ay tahay mid sharci ah, laakiin ay si khaldan ugu soo dirtay Apple ? Hagaag^(Well) , waxay ku dhammaatay inay noqoto email been abuur ah oo isku deyayay in isticmaaluhu uu gujiyo xiriiriyaha si ay u galaan aqoonsigooda aqoonsiga Apple^{(Apple ID)} . Nasiib wanaag, saaxiibkii muu riixin linkiga, balse taa beddelkeeda waxa uu furay browser-kiisa oo uu ku qoray iCloud.com oo uu sidaas ku galay.

In kasta oo saaxiibkani uu helay iimaylka phishing-ka, dhammaan imayliyada xaqiijinta maaha kuwo been abuur ah. Maqaalkan, waxaan ku tusi doonaa sida aad u sheegi karto in iimaylka uu been abuur yahay iyo in kale iyo habka ugu fiican ee lagu hubin karo akoonkaaga haddii aadan hubin.

Xaqiijinta iimaylada

In kasta oo aan ahay nin IT ah iyo guud ahaan geek kombuyuutarka, haddana aniga qudhayda ayaa iimayllada qaarkood igu caayaan. Tusaale ahaan, markii ugu horeysay ee aan emailkan ka helay Google , waxaan ka walwalsanaa qof isku dayaya inuu jabsado akoonkayga.

Erayga iimaylkan waxa uu ka dhigayaa sidii qof samaystay email cusub oo si uun ugu xidhay akoonkayga. Miyay markaas isku dayi karaan inay soo ceshadaan eraygaaga sirta ah oo loo diro iimaylkan cusub? Maan hubin, markaa waxaan gujiyay linkiga hoose, kaas oo sheegaya in haddii aanad samayn emailkan, markaa waxaad ka saari kartaa akoonkaaga.

Waxay u badan tahay inaanan gujin xiriirka emaylka maadaama aanan runtii ogeyn waqtigaas inay ka timid Google iyo in kale. Nasiib wanaag aniga, waxay ahayd oo iimaylka wax dhib ah ma lahayn. Asal ahaan^(Basically) , marka qof sameeyo xisaab Gmail cusub , waa inay ku daraan ciwaanka soo kabashada, kaas oo mararka qaarkood si khaldan loo qoro oo markaa loo diro qof khaldan. Si kastaba ha ahaatee, waa inaad foojignaataa ka hor intaadan gujin xidhiidh kasta oo ku jira iimayladan oo kale.

Sida loo hubiyo in iimaylku^(Email) sax yahay

Si aad u xaqiijiso iimaylka inuu sax yahay, waa inaad eegtaa ciwaanka iimaylka lagu soo dirayo iyo waliba madaxa iimaylka si aad u noqoto mid badbaado leh. Awoodda lagu kala saari karo iimaylka dhabta ah iyo kan been abuurka ah waxay sidoo kale ku xidhan tahay macmiilkaaga iimaylka. Hoos ayaan ku sharxi doonaa.

Tusaale ahaan, sawirka kore, waxaad arki kartaa in iimaylka laga soo diray [email protected] . Tani waa inay xaqiijisaa in iimaylka uu runtii ka yimid Google , sax? Waa hagaag, waxay kuxirantahay. Haddii qof uu dejiyo server-ka iimaylka ah, waxay soo diri karaan iimayl been abuur ah oo tusi kara ciwaanka diritaanka wax kasta [email protected]. Inkasta oo ay ka been sheegi karaan dhinacan, inta kale lama been abuuri karo.

Haddaba sidee ku xaqiijin kartaa in iimaylka dhab ahaantii laga soo diray isha dhabta ah ee aan cid kale laga soo dirin? Erayada fudud, waxaad hubisaa madaxa iimaylka. Tani sidoo kale waa halka macmiilka iimaylka uu soo galo ciyaarta. Haddii aad isticmaalayso Gmail , waxaad si degdeg ah u xaqiijin kartaa isha adiga oo si fudud u gujinaya fallaadha Faahfaahinta^{(Show Details)} ee si toos ah uga hooseeya magaca soo-diraha.

Qaybaha muhiimka ah waxa lagu soo diraa-^{( mailed- by)} , saxeex -b^{( signed-b)} y iyo sir^(encryption) . Maaddaama ay leedahay google.com labadan goobood, iimaylka run ahaantii wuxuu ka yimid Google . Iimayl kasta oo sheeganaya inuu ka yimid bangi ama shirkad weyn, waa inuu had iyo jeer lahaadaa meelaha lagu soo diro^(mailed-by) oo saxeexan^(signed-by) . Goob la arki karo oo lagu soo diray waxay ka dhigan tahay in iimaylka la xaqiijiyay SPF^{(SPF-authenticated)} . Meesha la arki karo ee saxeexan macnaheedu waa iimaylka waxa saxeexay DKIM. Ugu dambayntii, iimaylka ku dhawaad ​​had iyo jeer waa la sir doona haddii laga soo diro bangi ama shirkad weyn.

In kasta oo meelahan ay hubiyaan iimaylka la xaqiijiyay, waxaad u baahan tahay inaad hubiso inay xaqiijisay isla shirkaddii loo malaynayay inay soo dirtay. Tusaale ahaan, maadaama iimaylkani uu ka yimid Google , waa inay ku tidhaahdaa google.com ee labada goobood, taas oo ay samaynayso. Spammers Qaar ka mid ah waxay heleen caqli badan oo saxeex oo xaqiijiyaan iimaylkooda, laakiin kuma ekaan doonto shirkadda dhabta ah. Aan tusaale u soo qaadano:

Sida aad arki karto, iimaylkan waxa loo malaynayaa in uu ka yimid bangiga ICICI , laakiin ciwaanka iimaylka waxa uu si toos ah shaki gelinayaa saxnimada iimaylka. Halkii wax kasta oo la xidhiidha magaca bangiga, domainku waa seajin.chtah.com, taas oo ah dhawaaq aad u xun. Iimaylku waxa uu leeyahay meelaha lagu soo diro iyo kuwa saxeexan, laakiin mar labaad, maaha qaybta bangiga. Ugu dambayntii, ma jiro wax sir ah oo ku jira iimaylka, kaas oo mar kale hadh badan.

Waa kan iimaylo kale oo ay ku jirto meel lagu soo diray oo la siryay, laakiin xaqiiqdii maaha mid ka timid Microsoft . Sida aad arki karto, domain-ku maaha Microsoft.com , laakiin qaar aan la maqal domain. Markaad xaqiijinayso iimaylka, had iyo jeer hubi in ciwaanka iimaylka ah uu ka yimid shirkadda aad aaminsan tahay inay ka timid, ie [email protected] iyo kuwa  boostada lagu soo diro^(mailed-by) iyo kuwa saxeexay ay^(signed-by) yihiin qaybta dambe ee ciwaanka iimaylka, ie paypal.com .

Aan eegno hal tusaale oo kale, kaas oo noqon kara wax yar oo jahawareer ah.

Halkan, waxaan ku haystaa iimaylka shirkad la yiraahdo Actiontec , laakiin waa VIA actiontecelectronics.onmicrosoft.com . Waxa kale oo saxeexay actiontecelectronics.onmicrosoft.com oo waa la siray. Xaaladdan oo kale, waxay la macno tahay in iimaylka uu soo dirayo adeeg iimaylka dhinac saddexaad ah, kaas oo aan si dhab ah loo xaqiijin karin. Xaaladdan oo kale, shirkaddu waxay u adeegsanaysaa Office 365 iimaylka shirkadooda waana sababta looga soo diray boggaas.

Inkasta oo iimaylka sare uu yahay mid sharci ah, xogta ku jirta madaxa ma dammaanad qaadayso in iimaylka ammaan yahay. Xulashada ugu fiican halkan waa inaad hubiso in adeegga iimaylka ee dhinac saddexaad uu sidoo kale yahay shirkad weyn oo sumcad leh. Xaaladdan oo kale, waxay ka timid Microsoft . Ugu dambeyntii, haddii qof runtii isku dayayo inuu been abuur ku sameeyo ciwaan kale, Google waxay u badan tahay inay awoodi doonto inay kuu sheegto oo ku siiso digniin sidan oo kale ah:

Ama wax sidan oo kale ah:

Haddii aad waligaa hesho mid ka mid ah digniinahaas, markaa waa inaadan ku kalsoonayn iimayllada gabi ahaanba. Waxaa laga yaabaa inaad la yaaban tahay waxa la sameeyo haddii aanad isticmaalayn Gmail iyo haddii aanad ka eegin iimaylka browserka webka? Hagaag, xaaladahaas, waa inaad aragto cinwaanka emailka buuxa. Kaliya Google^{(Just Google)} -ga magaca bixiyahaaga iimaylka oo uu ku xigo " view header email^{(view email header)} ". Tusaale ahaan, Google Outlook 2016 eeg cinwaanka iimaylka^{(Outlook 2016 view email header)} si aad u hesho tilmaamo macmiilkaas.

Markaad taas sameyso, waxaad dooneysaa inaad raadiso qoraallada soo socda ee hoos yimaada ciwaanka Natiijooyinka Xaqiijinta^{(Authentication Results)} :

spf=pass

dkim=pass

Xariiqda spf waxay u dhigantaa goobta boostada lagu soo diro ee Gmail iyo dkim waxay u dhigantaa saxiix. Waa inay u ekaato sidatan:

Mar labaad, xitaa haddii labaduba ay leeyihiin PASS , waxaad u baahan tahay inaad hubiso inay u tahay domainka dhabta ah, ma aha mid been abuur ah oo spamer-ku isticmaali karo. Haddii aad rabto inaad wax badan ka akhrido xaqiijinta iimaylka ee Gmail , ka hubi xidhiidhadan hoose:

https://support.google.com/mail/answer/180707?hl=en

https://support.google.com/mail/troubleshooter/2411000?hl=en&ref_topic=3395029

https://support.google.com/mail/answer/1311182?hl=en

Kadib tijaabinta adeegyo badan, sidoo kale waa sababta aan ugu dhejiyay Gmail macaamiisha kale ee iimaylka iyo sababta aan si gaar ah ugu isticmaalo interface interface sababtoo ah waxay bixisaa dhowr lakab oo badan oo ilaalin ah oo aadan heli doonin.

Ugu dambeyntii, waa inaad caado ka dhigtaa inaad aado browserka oo aad gacanta ku booqato mareegaha halkii aad gujin lahayd xiriirka emailka. Xitaa haddii aad ogtahay in iimaylka uu nabdoon yahay, waa dariiqa hubaal ah ee lagu ogaanayo inaadan booqanin qaar ka mid ah mareegaha xatooyada ah. Haddii uu jiro xiriir ku jira iimaylka oo ay tahay in la gujiyo, hubi inaad hubiso URL -ka ku yaal ciwaanka biraawsarkaaga ka hor intaadan gelin wax faahfaahin ah oo gal ama macluumaad kale oo xasaasi ah. Haddii aad wax su'aalo ah qabtid, xor u noqo inaad faallo ka bixiso. Ku raaxayso!

How to Tell if an Email is Fake, Spoofed or Spam

So a friend recently told me that they got a νеrification email from Apple stating that a new email address had been added to their Apple ID. The pеrson knew that they didn’t add any emaіl address and when they logged into their Apple account, no other email other than their own was showing up.

The friend wanted to know whether this was a phishing email or was it legitimate, but sent to them incorrectly by Apple? Well, it ended up being a fake email that was trying to get the user to click on a link so that they would enter their Apple ID credentials. Luckily, the friend didn’t click the link, but instead opened his browser and typed in iCloud.com and logged in that way.

Even though this friend received a phishing email, not all verification emails are fake. In this article, I’ll show you how you can tell whether the email is fake or not and the best practice for checking your account if you’re not sure.

Verification Emails

Even though I’m an IT guy and overall computer geek, I still get spoofed by some emails myself. For example, the first time I got this email from Google, I was worried someone was trying to hack into my account.

The wording of this email makes it sound like someone created a new email account and somehow linked it to my account. Could they then try to recover my password and get it sent to this new email address? I wasn’t sure, so I clicked on the link at the bottom, which states that if you didn’t create this email address, then you can unlink it from your account.

I probably shouldn’t have clicked the link in the email since I didn’t really know at that moment if it was from Google or not. Luckily for me, it was and the email was harmless. Basically, when someone creates a new Gmail account, they have to add a recovery email address, which sometimes gets mistyped and hence sent to the wrong person. In any case, you do have to be vigilant before clicking on any link in these types of emails.

How to Check if an Email is Authentic

In order to verify an email as authentic, you have to look at the sending email address and also the email header to be really safe. The ability to distinguish between a real email and a fake one also depends on your email client. I’ll explain further below.

For example, in the above screenshot, you can see that the email was sent from [email protected]. This should confirm that the email is really from Google, correct? Well, it depends. If someone sets up a rogue email server, they can send a fake email that can show the sending address as [email protected]. Even though they can fake this aspect, the rest cannot be faked.

So how do you verify that an email is actually being sent from the real source and not someone else? In simple terms, you check the email header. This is also where the email client comes into play. If you are using Gmail, you can verify the source very quickly by simply clicking on the Show Details arrow directly below the name of the sender.

The important sections are mailed- by, signed-by and encryption. Since it says google.com for both of these fields, the email is truly from Google. For any email that claims to come from a bank or big company, it should always have the mailed-by and signed-by fields. A visible mailed-by field means that email was SPF-authenticated. A visible signed-by field means the email was DKIM-signed. Lastly, the email will almost always be encrypted if sent from a major bank or company.

Even though these fields ensure the email was verified, you need to make sure it was verified by the same company supposedly sending it. For example, since this email is from Google, it should say google.com for the two fields, which it does. Some spammers have gotten smart and sign and verify their own emails, but it won’t match the actual company. Let’s take a look at an example:

As you can see, this email is supposedly from ICICI bank, but the email address automatically casts doubt on the authenticity of the email. Instead of anything related to the bank name, the domain is seajin.chtah.com, which is very spammy sounding. The email does have the mailed-by and signed-by fields, but again, it’s not the bank domain. Lastly, there is no encryption on the email, which is very shady again.

Here’s another email where there is a mailed by field and it was encrypted, but is certainly not from Microsoft. As you can see, the domain is not Microsoft.com, but some unheard of domain. When verifying emails, always check that the sending email address is from the company you believe it is from, i.e. [email protected] and that mailed-by and signed-by are from the latter part of the email address, i.e. paypal.com.

Let’s look at one more example, which can be a little confusing.

Here, I have an email from a company called Actiontec, but it is VIA actiontecelectronics.onmicrosoft.com. It’s also signed by actiontecelectronics.onmicrosoft.com and has been encrypted. In this case, it means that the email is being sent by a third-party email service, which can’t necessarily be authenticated. In this case, the company is using Office 365 for their company email and that’s why it’s being sent from that domain.

Even though the above email is legitimate, the information in the header does not guarantee that the email is safe. You best option here is to make sure the third-party email service is also a large reputable company. In this case, it’s from Microsoft. Lastly, if someone is really trying to fake another email address, Google will probably be able to tell and give you a warning like this:

Or something like this:

If you ever get any of these warnings, then you shouldn’t trust the emails at all. You might be wondering what to do if you’re not using Gmail and if you’re not looking at the email in the web browser? Well, in those cases, you have to view the full email header. Just Google your email provider name followed by “view email header“. For example, Google Outlook 2016 view email header to get instructions for that client.

Once you do that, you want to search for the following pieces of text under the heading Authentication Results:

spf=pass

dkim=pass

The spf line is equivalent to the mailed-by field in Gmail and dkim is equivalent to signed-by. It should look something like this:

Again, even if both items have PASS, you need to make sure it’s for the real domain, not the fake one the spammer may be using. If you want to read more about email authentication in Gmail, check out these links below:

https://support.google.com/mail/answer/180707?hl=en

https://support.google.com/mail/troubleshooter/2411000?hl=en&ref_topic=3395029

https://support.google.com/mail/answer/1311182?hl=en

After testing multiple services, it’s also the reason why I stick with Gmail over other email clients and why I specifically use the web interface because it provides many more layers of protection that you otherwise wouldn’t get.

Lastly, you should make it a habit of going to the browser and manually visiting a website rather than clicking on the link in the email. Even if you know the email is safe, it’s a sure-fire way of knowing you’re not visiting some spoof website. If there is a link in an email that must be clicked, make sure to check the URL in the address bar of your browser before you enter any login details or other sensitive information. If you have any questions, feel free to comment. Enjoy!

Related posts

• Sida loo ogaado Computer & Email Monitoring ama Basaas Software

• Waa maxay macnaha BCC iyo CC? Fahamka Emailka aasaasiga ah ee Lingo

• Sida loo hubiyo haddii xiriirku yahay spam ama badbaado in la gujiyo

• Sida Amazon loogu arko faallooyin been abuur ah

• Habka ugu Wanaagsan ee loogu Beddelayo Ciwaanka Cusub ee iimaylka

• Sida maqaal loogu dhejiyo Linkedin (iyo waqtiyada ugu fiican ee la dhejiyo)

• Qof ma ogaan karaa markaan furay iimaylkooda?

• Sida Loo Helo Maalmaha Dhalashada Facebook-ga

• 10ka Hab ee ugu Wanaagsan ee Ilmaha lagu Cadayn karo Kombayutarkaga

• 5-ta Hab ee ugu Wanaagsan ee lagu Helo Ciwaanka Iimeylka ee Qof

• Sida loo Isticmaalo Tags Discord Spoiler

• Sida Spotify Looga Dhigo Cod Dheeraad Iyo Cod Wanaagsan

• Sida loogu shubo Roku TV ka PC ama Mobile

• Sida Loo Helo Mareeg Been Abuur ah Ama Isku-dayga Fiishka Xiliga Fasaxa

• Tignoolajiyada Bandhiga Flat Panel La Demystified: TN, IPS, VA, OLED iyo in ka badan

• OLED vs MicroLED: Ma tahay inaad sugto?

• 7 Degdeg ah Hagaajinta Marka Minecraft uu sii wado shil

• Sida Loo Sameeyo Ciwaanka Iimaylkaaga Shakhsi ahaaneed ee Domain Your gaar ah

• Ma bedeli kartaa Magacaaga Twitch? Haa, Laakin ka digtoonow

• Sida Loo Hubiyo Dhammaan Xisaabaadka Iimaylkaaga Gmail