阿碼外傳-阿碼科技非官方中文 Blog: 2010/1/16

2010年1月16日

歷久不衰的詐騙郵件(Phishing Mail)-騙取帳密


出現在 MSN 信箱裡的一封郵件。還記得「電子郵件警覺性觀念」嗎?應該很容易分辯吧!但是...我還是點選了連結,才發覺不對勁的。這就是人性的弱點,同樣一個動作做一百次,總是會有一次失誤~~
不會是傳說中「高度精密的攻擊」吧!!XD

先看看 Mail Header...

IP Information - 211.239.151.232
IP address: 211.239.151.232
Reverse DNS: [Unknown]
Reverse DNS authenticity: [Unknown]
ASN: 9848
ASN Name: GNGAS (Enterprise Networks)
IP range connectivity: 1
Registrar (per ASN): APNIC
Country (per IP registrar): KR [Korea-KR]
Country Currency: KRW [Korea (South) Won]
Country IP Range: 211.192.0.0 to 211.255.255.255
Country fraud profile: Normal
City (per outside source): Unknown
Country (per outside source): -- []
Private (internal) IP? No
IP address registrar: whois.apnic.net
Known Proxy? No
Link for WHOIS: 211.239.151.232
嗯嗯,發信 IP 是 KR 來著。更加確認是釣魚郵件。

Phishing Mail 裡的連結聯到哪裡呢?畫面是不是相當熟悉呢?

但千萬要注意,它是一個釣魚網站,專門騙帳號密碼來著的,這個當然是騙取 gmail 的帳密。注意到它的網址嗎?「mail-google.dontexist.com」這跟 google 差很大吧!是個動態網域來著。目前對應的IP:

IP Information - 60.190.222.142
IP address: 60.190.222.142
Reverse DNS: [No reverse DNS entry per ns.zjnbptt.net.cn.]
Reverse DNS authenticity: [Unknown]
ASN: 4134
ASN Name: CHINANET-BACKBONE (No.31,Jin-rong Street)
IP range connectivity: 20
Registrar (per ASN): APNIC
Country (per IP registrar): CN [China]
Country Currency: CNY [China Yuan Renminbi]
Country IP Range: 60.160.0.0 to 60.191.255.255
Country fraud profile: Normal
City (per outside source): Beijing, Beijing
Country (per outside source): CN [China]
Private (internal) IP? No
IP address registrar: whois.apnic.net
Known Proxy? No
Link for WHOIS: 60.190.222.142
這應該就知道帳密會騙到哪了吧!

如要山寨各大入口網站的登入畫面,這不會太難的,況且還有現成的工具包幫你做呢?
只要手法細緻一點,往往能騙倒一堆人。

你分辨出來了嗎?

繼續閱讀全文...