そういえば久しぶりにフィッシングメールが来ていたなあ。
Dear Sir/Madam,
We were informed that your card is used by another person or stolen.
It could happen if you have been shopping on-line, and someone got your "Billing information" including your card number.
To avoid and prevent any billing mistakes and to refund your credit card, it is strongly recommended to proceed filling in the
secure form on our site and applying for our Zero Liability program. This program is free and it will help us to investigate this accident.
本文はHTMLで、最後にsubmitボタンがついてて
<FORM target="_blank" action=http://%77%77%77%2E%64%65%6D%6F%73%70%65%6F%70%6C%65%2E%63%6F%6D method="get">
ちなみにコード化してるURLはhttp://www.demospeople.com/というものだ。このドメインは実在するようだ。
で、ヘッダーがこんなの。
(略) Return-Path: <5qbgq5@excite.com> (略) From: Visa ServiceX-Mailer: Microsoft Outlook Express 6.00.2800.1158 Reply-To: Visa Service Organization: Visa International Service X-Priority: 3 (Normal) To: あちきのメアド Subject: Visa Security Update Mime-Version: 1.0 Content-Type: text/html; charset=iso-8859-1 Content-Transfer-Encoding: 8bit (略)
このvisa-security.comもドメインは取られているようだ。