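Gokuraku Secure Blog (極楽せきゅあブログ)

Security, from time to time

Phishing e-mail

Come to think of it, a phishing e-mail arrived here for the first time in a while.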

Dear Sir/Madam,
We were informed that your card is used by another person or stolen.
It could happen if you have been shopping on-line, and someone got your "Billing information" including your card number.
To avoid and prevent any billing mistakes and to refund your credit card, it is strongly recommended to proceed filling in the
secure form on our site and applying for our Zero Liability program. This program is free and it will help us to investigate this accident.

The body is HTML, with a submit button at the end:

<FORM target="_blank" action=http://%77%77%77%2E%64%65%6D%6F%73%70%65%6F%70%6C%65%2E%63%6F%6D method="get">

Incidentally, the percent-encoded URL decodes to http://www.demospeople.com/. This domain appears to really exist.
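As an added example (not part of the original post), this Python sketch parses an HTML mail body, percent-decodes each form action and link target, and flags URLs that escape characters which never need escaping, as the form above does. The function names and report fields are this example's own.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# RFC 3986 "unreserved" characters never need percent-encoding, so finding
# them escaped in a URL suggests the target is being hidden from the reader.
UNRESERVED = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
                 "0123456789-._~")
PCT = re.compile(r"%([0-9A-Fa-f]{2})")


class LinkCollector(HTMLParser):
    """Collect (tag, attribute, raw URL) for form actions and link targets."""
    WATCH = {("form", "action"), ("a", "href"), ("img", "src")}

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names and accepts
        # unquoted attribute values such as the action in the post.
        for name, value in attrs:
            if value and (tag, name) in self.WATCH:
                self.found.append((tag, name, value))


def needless_escapes(raw):
    """Count percent-escapes that encode an unreserved character."""
    return sum(1 for h in PCT.findall(raw) if chr(int(h, 16)) in UNRESERVED)


def audit_html(body):
    """Return one report dict per URL-bearing attribute in the HTML body."""
    parser = LinkCollector()
    parser.feed(body)
    report = []
    for tag, attr, raw in parser.found:
        decoded = unquote(raw)
        count = needless_escapes(raw)
        report.append({"tag": tag, "attr": attr, "raw": raw,
                       "decoded": decoded,
                       "host": urlsplit(decoded).hostname,
                       "needless_escapes": count, "obfuscated": count > 0})
    return report


# The form tag quoted in the post, used here as sample input.
SAMPLE = ('<FORM target="_blank" action=http://%77%77%77%2E%64%65%6D%6F%73'
          '%70%65%6F%70%6C%65%2E%63%6F%6D method="get">')

if __name__ == "__main__":
    for entry in audit_html(SAMPLE):
        print(entry)
```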
And the headers look like this.

(omitted)
Return-Path: <5qbgq5@excite.com>
(omitted)
From: Visa Service 
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
Reply-To: Visa Service 
Organization: Visa International Service
X-Priority: 3 (Normal)
To: (my e-mail address)
Subject: Visa Security Update
Mime-Version: 1.0
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
(omitted)

This visa-security.com domain also appears to have been registered.