Skip to content

How to recognize a fake PEC

Rate this post

How to recognize a fake PEC: There PEC, ie certified e-mail, is used more and more by companies and individuals for important communications, such as sending invoices to a customer. This, however, has also given rise to a worrying phenomenon: the increase in false PEC communications that can cause damage to those who receive them.

If you are reading this right now, it is because you have probably received a PEC from an address you do not know and you are wondering if it is a legitimate address or if it is a fake PEC. First of all, I advise you not to open it, instead take a few minutes to read all my guide, where I will show you all the steps necessary to understand how to recognize a fake PEC (or at least to dispel such doubts as far as possible).

So don’t delay: arm yourself with patience and start reading. You will discover the best course of action in such cases and you will be able to nip any attempts by malicious people in the bud. Are you ready? Then I wish you a good read!

Preliminary information

The Web has always been an extremely useful place to find information and access services, however pitfalls are around the corner and e-mails that attempt to extract information from individuals have been around for a long time and users have learned in many cases to defend yourself from them. On the other hand, when electronic exchanges are carried out via certified e-mail, we tend to let our guard down, since it is assumed that the accounts that use them are all of people or companies with a verified identity: this is technically true, but 1) it is not impossible to allocate PEC accounts to send spam or telematic fraud attempts (perhaps by illegally entering into the possession of legitimate accounts of other people) 2) many PEC services allow the receipt of emails from non-certified addresses, which it exposes them to the risk of spam / scams as much as those of “ordinary” e-mail.

In my humble opinion it is a mistake to note why even the PEC boxes can end up in the crosshairs of malicious peoplewhich they try to send spam or – even worse – apply techniques of phishing. If you have never heard of phishing, you should know that it is an attempted extortion, aimed at obtaining personal data, password and other sensitive information to the victim.

The operation usually involves sending an e-mail with a link inside that refers to a platform that resembles that of a specific institution, which can therefore be banking, corporate or institutional. On this page you are asked to enter your personal data to update the database or to log in, however, the data entered will be sent to third parties, who will thus have the necessary information to act undisturbed.

In other cases, however, as for some fake PEC, there may be a file to download, passed off as one invoice or a important document. The user, by downloading and opening it, starts malicious scripts that can give access to their computer remotely. For this reason, before downloading any file from a suspicious PEC, you need to investigate the sender, and that’s exactly what I’m going to tell you in the following chapters.

How to recognize a fake PEC

If generic e-mail addresses cannot always be verified and therefore it is necessary to adopt tricks and investigate carefully, the same cannot be said of the PEC. Since certified emails from businesses and government institutions need to be placed in records that are accessible online, verifying them is simple, doesn’t take too long and can instantly return the information you need.

How you do it? For example, using sites such as INIPEC And Business Register, the first made available by the Ministry of Economic Development, the second by the Chambers of Commerce. But be careful, getting a negative result on these services does not automatically mean that the e-mail received is attributable to a phishing or scam attempt: it could be a PEC of private citizens (whose addresses are not included in the aforementioned public directories). What can be done in this case? I’ll tell you about it in dedicated chapter. But let’s go in order.

How to recognize a fake PEC with INIPEC

check pec with inipec

INIPEC is the site made available to users by the Ministry of Economic Development and contains all the addresses of Italian professionals and companies. This is updated regularly and can be used without any registration.

To find out if the PEC address you received is false or not, then go to the INIPEC official websitethen you have to choose whether to search for the PEC of Professionals or Businessesby clicking on the option you prefer.

In both cases, inserting the PEC address in the appropriate box and checking the item I am not a robotyou can click on the button Search for PEC below, obtaining a positive result, with all the information of the sender, or a negative result (which, as mentioned, does not automatically determine the lack of authenticity of the address sought).

How to recognize a false PEC with the Business Register

check certified company register

Using the official website with the data of the Chambers of Commerce, users can find certified e-mails and information on companies located on the Italian territory. Also in this case, as happens for INIPEC, no registration is required to use the service. I must warn you, however, that through the Register of Companies it is not possible to enter the PEC address to trace the company but the search will be a little more laborious.

You must first look for the company name within the PEC you received and, if this is not present, you will have to extrapolate it from the information contained therein. To find it, I suggest you take a look atemail address o check the data present in the closing. If there is the name of the manager who contacted you, you can search for the individual online, perhaps on LinkedInto trace the company for which he works.

When have you managed to get the first name of the company, then go to the official website of the Business Register and you will immediately find the search field where to enter the first name of the company or activity. After typing it, just click on the button Search for to get a list of companies with that specific name.

To find the PEC, click on result that interests you and, on the next page, to the item Digital domicile / PEC you will find a button that says Exhibition: by clicking on it, a pop-up window will open with the address and you can compare it with that of the PEC received. If the company does not have a PEC, under Digital domicile / PEC you will find written Not present (even in this case, a negative result will not automatically determine the non-authenticity of the address searched).

How to recognize a false PEC coming from private individuals

private pec

If your search through INIPEC and the Register of Companies has not borne fruit, do not panic: it is not yet certain that the e-mail received is really a False PECit could in fact belong to a private citizen.

At the moment there is still no official government register that collects the PEC boxes of all Italian citizens, so it is not possible to carry out a simple and immediate search through specific portals such as INIPEC or the Business Register. You will therefore have to take on the role of detective and start investigating using the web.

First, try to Google the PEC address you are suspicious of. Among the results you could get official profiles, perhaps of Facebook or LinkedIn, to immediately trace the person who sent you the e-mail. If this attempt turns out to be a hole in the water and you can’t find any information about it, you will need to read the PEC carefully to try to extrapolate as much detail as possible.

Check for names And surnames as well as addresses, through which you can carry out targeted searches on Google or on social networks. For more details I am sending you to take a look at my guide on how to search for a person on the Internet and how to search for a PEC address.

What to do in case of receiving e-mails from a fake PEC

false email receipt

After trying everything, you have not been able to find a reliable source and you have therefore come to the conclusion that the email received is a fake PEC. How should you behave in this case? Before making drastic decisions, I recommend that you privately contact companies and people with whom you have interacted recently, asking for explanations on any communications sent via PEC address.

If even these turn out to be unaware of everything, then you can take all the necessary precautions. First, I recommend that you block the sender, this way you will no longer receive e-mails from that address. If you don’t know how to do it, you can find the procedure based on your provider in the guide that I linked to you just now. At this point, all you have to do is remove the email received and, if necessary, empty the trash as well certified e-mail to make sure you don’t accidentally click on it again.

Do not download or open the attachment present in the PEC for any reason. It is generally thought that only files with the extension .exe or .dmg are malicious applications, however, cybercriminals can hide codes and scripts in any type of file, even a simple Word document.

After having ascertained that the PEC is false, you must consider the files inside it as potentially harmful, therefore, while understanding your curiosity, I invite you not to interact with these documents. For more information, see my guide on how to check attachments and links.

In case you have clicked on the attachment and think that your computer is now infected with a virus, I invite you to take a look at the specific tutorials on how to remove viruses from your PC and how to report an online scam.