![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1OzCyBqV7lBKYMSHrJTEjqvXeGExvk-0M8zfWx_JMOfudcXkgUlcwgyJqa-Mh8adkE06sYBzqH4Y4Z00OZF4bqUJTcHbo9wKOWBTP01ClbWoa7Osv8Wl3TNEl8GVsrLN6wbF37QGWYwQ/s1600/g-phishmail-1.png)
An e-mail that showed up in my MSN inbox. Remember the "e-mail awareness" lessons? It should be easy to tell apart! But... I still clicked the link before I noticed something was wrong. That is the weakness of human nature: do the same thing a hundred times and you will slip up once~~
Surely this isn't the legendary "highly sophisticated attack"!! XD
First, let's look at the mail header...
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWRKV3T5GDxeeoHU_U6QNxdA4aEM8sQnZOZrBYJE7wf6yxBTJlDG7d4QZt553f7Cfdr82YJebxBmGKnyV74sI7CxGFmRQi3vn1c_RnJ6_fZnMM_zWKQotYODXLxQKVnH3fflVw8Doh6FQ/s1600/g-phishmail-2.png)
IP Information - 211.239.151.232
IP address: 211.239.151.232
Reverse DNS: [Unknown]
Reverse DNS authenticity: [Unknown]
ASN: 9848
ASN Name: GNGAS (Enterprise Networks)
IP range connectivity: 1
Registrar (per ASN): APNIC
Country (per IP registrar): KR [Korea-KR]
Country Currency: KRW [Korea (South) Won]
Country IP Range: 211.192.0.0 to 211.255.255.255
Country fraud profile: Normal
City (per outside source): Unknown
Country (per outside source): -- []
Private (internal) IP? No
IP address registrar: whois.apnic.net
Known Proxy? No
Link for WHOIS: 211.239.151.232
Hmm, the sending IP is in KR. That makes it even clearer this is a phishing mail.
Where does the link in the phishing mail lead? Does the page look rather familiar?
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGrWFtNBUWHh-1uNAu6KjgQLtDE8ThLQpgq9qSG2HNOTr6x3bFgBDFSPqGqSKCLK-moUNMEm5IvpafukiZi6HsJNYZxrLuiZNivkRPteS0i9sjOqb33fhsMfjZUx-NEgChVaqmPLTFEZ8/s1600/g-phishmail-3.png)
But be very careful: it is a phishing site, built specifically to steal account credentials, in this case Gmail credentials. Notice its URL? "mail-google.dontexist.com" is a far cry from google! It is a dynamic DNS domain. The IP it currently resolves to:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEikt8sWj5Zi7wEqY-FIPtkeYD5ZyGaB62FRCl3YvLauUBZW-fpWa2tLfOKhafmlHVtVXm-3wkjrFUZkjnBn7JUmCu_7wkuS4CrslJBUh1pbIDPYgZ_E3eYQk7_36JnInSivy73j14TffVs/s1600/g-phishmail-4.png)
IP Information - 60.190.222.142
IP address: 60.190.222.142
Reverse DNS: [No reverse DNS entry per ns.zjnbptt.net.cn.]
Reverse DNS authenticity: [Unknown]
ASN: 4134
ASN Name: CHINANET-BACKBONE (No.31,Jin-rong Street)
IP range connectivity: 20
Registrar (per ASN): APNIC
Country (per IP registrar): CN [China]
Country Currency: CNY [China Yuan Renminbi]
Country IP Range: 60.160.0.0 to 60.191.255.255
Country fraud profile: Normal
City (per outside source): Beijing, Beijing
Country (per outside source): CN [China]
Private (internal) IP? No
IP address registrar: whois.apnic.net
Known Proxy? No
Link for WHOIS: 60.190.222.142
That should tell you where the stolen credentials end up!
Cloning the login page of any major portal is not hard, and there are even ready-made toolkits that do it for you.
With a little polish in the details, it often fools a crowd of people.
Did you spot it?
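A small check for the look-alike domain trick described above, added here as an example and not part of the original post: it reduces a link's host name to its registrable domain and flags hosts that borrow a brand name while being registered elsewhere. The public-suffix table and the dynamic-DNS zone list are constructed assumptions, not a complete data set.

```python
# Added example (not from the original post): flag a link whose host name
# borrows a brand name but whose registrable domain belongs to someone else,
# as "mail-google.dontexist.com" does with Gmail's login page.
from urllib.parse import urlparse

# Assumption: a tiny public-suffix table sufficient for this example; real
# tooling would use the full Public Suffix List.
PUBLIC_SUFFIXES = {"com", "net", "org", "com.tw", "co.kr", "com.cn"}

# Assumption: dynamic-DNS zones where anyone can register a sub-label;
# "dontexist.com" is the one seen in the post.
DYNAMIC_DNS_ZONES = {"dontexist.com"}


def registrable_domain(host: str) -> str:
    """Return the label directly under the public suffix (eTLD+1)."""
    labels = host.lower().rstrip(".").split(".")
    # Try the longest matching suffix first (e.g. "com.tw" before "com").
    for n in (2, 1):
        if len(labels) > n and ".".join(labels[-n:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[-(n + 1):])
    return host.lower()


def check_login_link(url: str, brand: str, legit_domains: set[str]) -> list[str]:
    """Return reasons the link looks like a credential-phishing page (empty if none)."""
    host = urlparse(url).hostname or ""
    rd = registrable_domain(host)
    reasons = []
    # Brand name present in the host, but the owner of the domain is not the brand.
    if brand in host and rd not in legit_domains:
        reasons.append(f"host mentions {brand!r} but is registered as {rd!r}")
    # Dynamic-DNS zones are rented by the label, not owned by a company.
    if rd in DYNAMIC_DNS_ZONES:
        reasons.append(f"{rd!r} is a dynamic-DNS zone, not a corporate domain")
    return reasons


if __name__ == "__main__":
    for u in ("http://mail-google.dontexist.com/ServiceLogin",
              "https://mail.google.com/mail/"):
        print(u, "->", check_login_link(u, "google", {"google.com"}) or ["ok"])
```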