『ご購入いただきありがとうございます 』というメールが来ました。
サイトに行くとAppleのサイトっぽい偽サイト。メールのヘッダは、
Return-Path: <3AqQOXiwJAHskdssdq-hmenqlZshnmtocZsdlZhkZclhmhc652761816bn0-io.ld@maestro.bounces.google.com>
X-Original-To: name@example.com
Delivered-To: name@example.com
Received: from asmail1.u-netsurf.ne.jp (unknown [202.233.3.31])by fam-mb.u-netsurf.ne.jp (Postfix) with ESMTP id EE4B6210425Efor
IronPort-SDR: 2FgEb4owB6xlbBUWXmt5RiOpiQPAe+rVERzW1y1RPZnBxuA3ZrQboUe+gAi8vObc/K14x23bg4H9h0TaYytOSZtWEbwKN6gztpo2SLElL5c=
X-SBRS: 2.7
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0C1sADuoQ5ef0fbVdFmHAEBASgBBwEBAQUBBAQBAYFiAUpYGwIBgVJUMyqECIEcjQh0MQGBa4RJlHcMgTUvAQEBNQgBAYFwglAZNQEBB4EUJDgTAgMBAQsBAQQBAQECAQUEFAEBCQsLCCeFQAxCAQEECwGBVQGDTAERHQEBOBg3DQIEMgEFAREkIoMBgncPj0CBXYM6A4l0gQM9ghGJFYEygn4BAQWBNQGBBIMLgWIHCRKBDRUCAQEBjBaBBIEWgykCgzICZwECARqBDCdBIIJDEQaCLRoHgToCAQEBiQSEFqA3AQYCCYIuhzOOZhuaV4NHk12SHTKBRoF6TYIRBw4agR8JRxgNjUobgyCDcRiGSkQvAQEwg1SEZYQWgkIBAQ
X-IPAS-Result: A0C1sADuoQ5ef0fbVdFmHAEBASgBBwEBAQUBBAQBAYFiAUpYGwIBgVJUMyqECIEcjQh0MQGBa4RJlHcMgTUvAQEBNQgBAYFwglAZNQEBB4EUJDgTAgMBAQsBAQQBAQECAQUEFAEBCQsLCCeFQAxCAQEECwGBVQGDTAERHQEBOBg3DQIEMgEFAREkIoMBgncPj0CBXYM6A4l0gQM9ghGJFYEygn4BAQWBNQGBBIMLgWIHCRKBDRUCAQEBjBaBBIEWgykCgzICZwECARqBDCdBIIJDEQaCLRoHgToCAQEBiQSEFqA3AQYCCYIuhzOOZhuaV4NHk12SHTKBRoF6TYIRBw4agR8JRxgNjUobgyCDcRiGSkQvAQEwg1SEZYQWgkIBAQ
Received: from mail-qv1-f71.google.com ([209.85.219.71])by asmail1.u-netsurf.ne.jp with ESMTP; 03 Jan 2020 11:16:35 +0900
Received: by mail-qv1-f71.google.com with SMTP id v3so23129782qvm.2for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;d=co1-jp.me; s=google;h=mime-version:reply-to:message-id:date:subject:from:to;bh=SXL6XRe+8uZegYfWLzh5O9QGzuMir8YlbtVlFvdxrSo=;b=P3l0DRhM3tUUGExY6r/W1EkYSEpHVIgxMV4eL40vCEiB/Y2KWDx1MBD1UN4tMIN68wr4qAvTC4IVLOXsyXTD6fZEAxPEs5dN/xjvrVpNfZDHDTjxpCCHCXVNN8GYqBWKRbU/vkt/QEMnjD58CkXJV0E/3tH806poQ8Hkz6W6EGVaZieolrtmnhSSD/Ny5EtKFoK0KMCpXIWV7XIp9SQMXsJDF7ZmMCGA/9qaTNxncH7b8uVk65xxuPoZYByhSGg1jUJUEgVTXTI6puL5xGd+JXEm51JpwQTBFF6EZUQCfSq6bkXI9SWdAYsDaVOStuwJSQvQ4+VpfFAQzvsRZDDZcg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;d=1e100.net; s=20161025;h=x-gm-message-state:mime-version:reply-to:message-id:date:subject:from:to;bh=SXL6XRe+8uZegYfWLzh5O9QGzuMir8YlbtVlFvdxrSo=;b=djRORE4c7/VBt2uGJul1RqDY/8wWO0uiDIc5xx6HfogV5vIqERCi2HAQJsySXMttB++tLi2LusByJ8MC+mYXlKJdfOo05NzET15g7k8URwb9u3I90XDqUtSOeIZXGhF5xFjkpZwPzC7de6VO7/RAA0Ores9PBkkM+WlAdIeS5SX6tYRki3L5F5B2MwuMN7HSSXSazU0QhQNBq0UWVvS/nh9yqbLE9wudne37XNb4o+Pz16MJVbxIilgcDQeCpUv7NYX7j6pgMHnpi13qC/+yWNAq4bzXjz5qm8IVhtwMlXirFHifoOv64Rvnbs07Z3jfibTL3OjMz2TKyiPH3xRK5w==
X-Gm-Message-State: APjAAAVcjoQ9z1F684MIc6HH3V/H85ZJr+haG57Xw7Fz/q1DIg/NWqDA7AQgM43CXpwyb24Wev8S8EkzIWpj0uWh
X-Google-Smtp-Source: APXvYqxK0Xtv2EGtqPooiVVVOH6WKlSuxbQK5NgqKQYMDrhYABCa6fg10w9ubZbX3i/Tg7Eekbg+boL31Q==
MIME-Version: 1.0
X-Received: by 2002:aed:24c7:: with SMTP id u7mr61918037qtc.335.1578017794267;Thu, 02 Jan 2020 18:16:34 -0800 (PST)
Reply-To: no_reply@apple.com
Message-ID: <00000000000013a6b8059b32e637@google.com>
Date: Fri, 03 Jan 2020 02:16:34 +0000
Subject: ご購入いただきありがとうございます “InstaSize Premium (3 month)”
From: App Store
To: name@example.com
Content-Type: multipart/alternative; boundary=”00000000000013a6a0059b32e634″
(自分のメアドは、name@example.comに変換済み。下記サイトのデフォルト)
導かれるサイトは、https://webapps3.ddnservmail8476876.co.jp.1as2488dqs.com/session/?view=login&appIdKey=3e36d74ad4c9413&country=JP
(クリックしない方が良いでしょう)
country=JPをcountry=usと変えると、一応英語表記になりますが、カーソルを入力位置の上に置いた際のコメントは日本語のまま。
http://1as2488dqs.com/は絶対詐欺サイト!
jan.3 ’20
0件のコメント