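A spam email posing as iCloud arrived.
Just recently I received a spam email posing as iCloud. I am recording the details of that spam email here, so if you have received a similar message, I hope you can use this as a reference.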
Screenshot of the spam email text
Mail source
To: *******@****.****
Subject: i.Cloud : We have faced some problems with your account. 06/06/2020 12:40:06
X-PHP-Script: music4asianweddings.co.uk/niko.php for 197.26.58.67
X-PHP-Originating-Script: 1007:niko.php
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
From: <*******@****.****>
Message-Id: <E1jhMsY-0005rk-NV@cloud.styleoccasions.co.uk>
Date: Sat, 06 Jun 2020 01:40:06 +0100
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - cloud.styleoccasions.co.uk
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [1007 1009] / [47 12]
X-AntiAbuse: Sender Address Domain - cloud.styleoccasions.co.uk
X-Get-Message-Sender-Via: cloud.styleoccasions.co.uk: authenticated_id: msodha6/only user confirmed/virtual account not confirmed
X-Authenticated-Sender: cloud.styleoccasions.co.uk: msodha6

<tbody><tr><td colspan="3" height="6"></td></tr><tr style="line-height:0px;"><td width="100%" style="font-size:0px;" align="center" height="1"><img width="40px" style="max-height:73px;width:40px;" alt="" src="https://cdn1.iconfinder.com/data/icons/metro-uinvert-dock/128/OS_Apple.png"></td></tr><tr><td><table cellpadding="0" cellspacing="0" style="line-height:25px;" border="0" align="center"><tbody><tr><td colspan="3" height="30"></td></tr><tr><td width="36"></td> <td width="454" align="left" style="color:#444444;border-collapse:collapse;font-size:11pt;font-family:proxima_nova, 'Open Sans', 'Lucida Grande', 'Segoe UI', Arial, Verdana, 'Lucida Sans Unicode', Tahoma, 'Sans Serif';max-width:454px;" valign="top">Hi User,<br><br>We have <span><font>fa</font></span>ced some pro<span><font>ble</font></span>ms with your ac<span><font>cou</font></span>nt. 
A<span>s<font> a r</font>e</span>s<span>u<font>l</font>t, your a</span>c<span>c<font>o</font>u</span>n<span>t has <font>been t</font>e</span>m<span>p<font>or</font>ai</span>ly s<span>u<font>s</font>p</span>e</font>n<font>d</font>ed.</p> <b>what you must do ?</b><br> <p align="justify" style="PADDING-LEFT:30px;PADDING-RIGHT:30px;FONT-FAMILY:Arial;COLOR:#6E6E6E;FONT-SIZE:12px;font-weight:bold"> <span style="padding:5px 9px 5px 9px;BACKGROUND-COLOR:#fff;border-radius:20px;border:1px solid #6E6E6E">1</span><span style="padding-left:10px"> C<span>l<font>i</font>c</span>k on the B<span>u<font>t</font>t</span>on B<span>e<font>l</font>l</span>o<span>w<span><font></font></span></p> </span> </p> <p align="justify" style="PADDING-LEFT:30px;PADDING-RIGHT:30px;FONT-FAMILY:Arial;COLOR:#6E6E6E;FONT-SIZE:12px;font-weight:bold"> <span style="padding:5px 9px 5px 9px;BACKGROUND-COLOR:#fff;border-radius:20px;border:1px solid #6E6E6E">2</span><span style="padding-left:10px"> E<span>n<font>t</font>e</span>r y<span>o<font>u</font>r</span> e<span>m<font>a</font>i</span>l and p<span><font>a</font></span>s<span>s<font>w</font>o</span>rd</p></span> </p> <p align="justify" style="PADDING-LEFT:30px;PADDING-RIGHT:30px;FONT-FAMILY:Arial;COLOR:#6E6E6E;FONT-SIZE:12px;font-weight:bold"> <span style="padding:5px 9px 5px 9px;BACKGROUND-COLOR:#fff;border-radius:20px;border:1px solid #6E6E6E">3</span><span style="padding-left:10px"> E<span>n<font>t</font>e</span>r y<span>o<font>u</font>r</span> b<span>i<font>l</font>l</span>i<span>ng<font> ad</font>d</span>r<span>e<font>s</font>s</span></p></span> </p> <p align="justify" style="PADDING-LEFT:30px;PADDING-RIGHT:30px;FONT-FAMILY:Arial;COLOR:#6E6E6E;FONT-SIZE:12px;font-weight:bold"> <span style="padding:5px 9px 5px 9px;BACKGROUND-COLOR:#fff;border-radius:20px;border:1px solid #6E6E6E">4</span><span style="padding-left:10px"> E<span>n<font>t</font>e</span>r your p<span>a<font>y</font>m</span>e<span>n<font>t</font> de</span>ta<span>i<font>l</font>s ( 
<span>c<font>r</font>e</span>d<span>i<font>t / </font>d</span>e<span><font>b</font>i</span>t <span>) card<font></p> </p> <br><center><a style="border-radius:3px;box-shadow:inset 0 1px 0 #6D6E72, inset 1px 0 0 #6D6E72;color:white;font-size:15px;padding:14px 7px 14px 7px;max-width:280px;font-family:proxima_nova, 'Open Sans', 'lucida grande', 'Segoe UI', arial, verdana, 'lucida sans unicode', tahoma, sans-serif;border:1px #6D6E72 solid;text-align:center;text-decoration:none;width:280px;display:block;background-color:#6D6E72;" href="https://evn503.com/wp-content/themes/twentytwenty/classes/02/redirect-new.php" target="_blank">Verify your account </a> <br> <span style="color: #FF0000; font-family: Lucida Sans Unicode; font-style: normal; font-variant: normal; letter-spacing: normal; line-height: 21px; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; background-color: rgb(255, 255, 255)"> <font size="2"> Notice: If this email was sent to you in your Junk or Spam folder please mark it as not spam due to our new security update.</font></span></p> </center> <br>Thanks!<br>- A<span>p<font>p</font>l</span>e<span> T<font>e</font>a</span>m</p></td> <td width="36"></td> </tr><tr><td colspan="3" height="36"></td></tr></tbody></table></td></tr></tbody><br><br><br>06/06/2020 12:40:06
Checking the URL the spam email links to!
The href of the "Verify your account" button is set to the following URL.
https://evn503.com/wp-content/themes/twentytwenty/classes/02/redirect-new.php
Trend Micro runs a site that judges whether a URL is safe, so I checked the URL set on the spam email's button there.
global.sitesafety.trendmicro.com
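The result came back black (not safe).
Well, and not only for spam emails: when a link destination looks suspicious, I think it is a good idea to check it on a site like this before accessing it.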
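An added example, not part of the original post: a small Python triage of a message shaped like the source above. It shows that the `<span>`/`<font>` tags split each word so a keyword match on the raw HTML misses text the reader still sees, and it pulls out the `X-PHP-Script` header and the link hosts for checking. The sample message, its placeholder hosts and the names `BodyScan` and `triage` are constructed for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample shaped like the source above: placeholder hosts, the same
# X-PHP-* header names, and the same <span>/<font> splitting inside words.
SAMPLE = """\
To: user@example.org
Subject: i.Cloud : We have faced some problems with your account.
X-PHP-Script: shop.example.net/mailer.php for 203.0.113.7
X-PHP-Originating-Script: 1007:mailer.php
Content-type: text/html; charset=iso-8859-1

<p>your a<span>c<font>c</font>o</span>unt has been s<span>u<font>s</font>p</span>ended.</p>
<a href="https://blog.example.com/wp-content/themes/x/redirect.php">Verify your account</a>
"""


class BodyScan(HTMLParser):
    """Collects the text a mail client would render and every <a href>."""

    def __init__(self):
        super().__init__()
        self.text, self.links = [], []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

    def handle_data(self, data):
        self.text.append(data)


def triage(raw, keyword="suspended"):
    """Return the header and body facts worth checking before any click."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    scan = BodyScan()
    scan.feed(body)
    scan.close()
    rendered = re.sub(r"\s+", " ", "".join(scan.text)).strip()
    return {
        "php_script": msg.get("X-PHP-Script"),        # names the PHP script that generated the mail
        "raw_has_keyword": keyword in body,           # what a naive filter on the raw HTML sees
        "rendered_has_keyword": keyword in rendered,  # what the reader sees
        "link_hosts": [urlsplit(u).hostname for u in scan.links],
    }
```

The hosts in `link_hosts` are what to submit to a URL reputation service, as done above, instead of opening the link.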