cogito ergo sum
World of Warcraft のフィッシングメール
Gmailの迷惑メール内にフィッシングメールが届いてました。
WoW(World of Warcraft)のアカウント盗む目的だろうと思われますが、hotmailアカウントから送信された単なるFrom詐取メールだったのでGoogleが以下の警告文を表示していました。
警告: このメールは、送信者情報が変更されている可能性があります。リンクの操作や送信者への個人情報の提供は、慎重に行ってください。
まともなフィッシングメールを受診したのは始めてですが、正規のURLを2回続けて、最後にフィッシングサイトへ誘導、ぱっと見でわかりにくいものですね、意識して見てないと誤って踏んでしまうのもうなずけます。
ちなみに、以下にほぼ原文のまま転載していますが、15行目のus.battle.comがフィッシングサイトです、該当のURLを踏んでもDNSエラーですが、念のためにhだけ抜いてあります。
Greetings , We have determined that your World of Warcraft account has been accessed/compromised by someone not authorized to do so by the World of Warcraft Terms of Use (http://www.worldofwarcraft.com/legal/termsofuse.html). To protect your privacy and security, we have temporarily disabled this account. Any recurring subscriptions have been suspended to prevent further monetary charges. In order to regain access to the account, you must complete the steps below to secure the account and your computer. Please keep this email for your reference until the account recovery process has been completed. STEP 1: SECURE THE ACCOUNT, YOUR COMPUTER AND YOUR EMAIL ADDRESS Account compromises most often occur when a player shares login information with an unauthorized third party or plays on a computer that has a virus, Trojan, or key-logger. We recommend following the http://us.battle.net/security/checklist.html on our Account Security site at http://us.battle.net/security/index.html. STEP 2: RECOVER THE ACCOUNT We now provide a secure website for you to verify that you have taken the appropriate steps to secure the account, your computer, and your email address. Please go to this site and follow the instructions: ttp://us.battle.com/account/support/password-reset-confirm.htm?ticket=BC9E6EFC85206C409C5A42AE45F2373752E47BCA161020F76C40DC2D8C7 STEP 3: VERIFY YOUR SUBMISSION WAS RECEIVED We will contact you with further instructions once we have received and processed your submission. If you do not receive a reply within 48 hours of submitting this form, please resend it from the address listed above. Please be aware that if unauthorized access to this account continues after the recovery process is complete, it may lead to further action against the account. Regards, Neil G. Game Master Bahrdrak Customer Services Blizzard Entertainment
参考までにヘッダ情報も載せておきますが、こちらは本文と違って、突っ込みどころ満載です。
Delivered-To: gen****@gmail.com Received: by 10.229.234.78 with SMTP id kb14cs254900qcb; Wed, 21 Jul 2010 12:07:11 -0700 (PDT) Received: by 10.213.25.143 with SMTP id z15mr696896ebb.68.1279739230568; Wed, 21 Jul 2010 12:07:10 -0700 (PDT) Return-Path: <chrisluxus@hotmail.com> Received: from blu0-omc1-s17.blu0.hotmail.com (blu0-omc1-s17.blu0.hotmail.com [65.55.116.28]) by mx.google.com with ESMTP id x59si20552179eeh.33.2010.07.21.12.07.09; Wed, 21 Jul 2010 12:07:10 -0700 (PDT) Received-SPF: pass (google.com: domain of chrisluxus@hotmail.com designates 65.55.116.28 as permitted sender) client-ip=65.55.116.28; Authentication-Results: mx.google.com; spf=pass (google.com: domain of chrisluxus@hotmail.com designates 65.55.116.28 as permitted sender) smtp.mail=chrisluxus@hotmail.com Received: from BLU0-SMTP7 ([65.55.116.7]) by blu0-omc1-s17.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Wed, 21 Jul 2010 12:06:37 -0700 X-Originating-IP: [222.69.163.68] X-Originating-Email: [chrisluxus@hotmail.com] Message-ID: <BLU0-SMTP7C6E7105E892131256AC4CBA10@phx.gbl> Return-Path: chrisluxus@hotmail.com Received: from knouuvhg ([222.69.163.68]) by BLU0-SMTP7.blu0.hotmail.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675); Wed, 21 Jul 2010 12:06:35 -0700 Reply-To: <wowaccountadmin@blizzard.com> From: "WoWAccountAdmin@blizzard.com" <wowaccountadmin@blizzard.com> To: <gen****@gmail.com> Subject: World of Warcraft Account Security verification Date: Thu, 22 Jul 2010 03:06:24 +0800 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0DBA_019BD792.1D52B630" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.5512 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512 X-OriginalArrivalTime: 21 Jul 2010 19:06:35.0943 (UTC) FILETIME=[D7099370:01CB2907] This is a multi-part message in MIME format. ------=_NextPart_000_0DBA_019BD792.1D52B630 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64
コメントを残す