The text is taken from the famous answer: Lessons learned and misconceptions regarding encryption and cryptology: Don't use encryption without message authentication
Alternatively, you can apply your own message authentication, as follows. First, encrypt the message using an appropriate symmetric-key encryption scheme (e.g., AES-CBC). Then, take the entire ciphertext (including any IVs, nonces, or other values needed for decryption), apply a message authentication code (e.g., AES-CMAC, SHA1-HMAC, SHA256-HMAC), and append the resulting MAC digest to the ciphertext before transmission. On the receiving side, check that the MAC digest is valid before decrypting. This is known as the encrypt-then-authenticate construction. (See also: 1, 2.) This also works fine, but requires a little more care from you.
Is it really correct? If an attacker changes a ciphertext, he can just generate a new MAC for that ciphertext and append that instead of a previous MAC. No? Shouldn't you use MAC on a plain text?