꿈을꾸는 파랑새

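Today I will write about a phishing email impersonating Cafe24, a South Korean global e-commerce platform company that provides a one-stop range of services including global shopping mall solutions, cloud, web hosting, server hosting, advertising and marketing, and domains. The email's subject is "xxx service is scheduled to be blocked.!!" (2024.7.24). Thanks to Violet for providing the eml file.
First, the content of the email is as follows.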

Cafe24 phishing email

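Good morning,
Your domain name ??????? has been suspended because of outdated payment information. To restore uninterrupted access to the service, visit the direct payment link and update your payment information manually.
hxxps://cafe24(.)com/???
Link expiration date: July 25, 2024
-------------------------------
If you have not completed this and no transaction is made by the specified date, the service will be permanently suspended.
If you have questions or need help, contact the support team.
Email: support@cafe24(.)com
-------------------------------
That is what the email says.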

Email header contents

Return-path: <reion-homes@www5146(.)sakura(.)ne(.)jp>
Received: from [?] (?])
by mail1.??(.)com ([?])
with ESMTP id 1721800001.241478.139??52416.mail1
for <???.co(.)kr>;  Wed, 24 Jul 2024 14:46:41 +0900 (KST) ,
from [133.167(.)8.56] ([133.167(.)8.56])
by inbound2.????(.)com ([192~~])
with ESMTP id 1721800000.573803.139662878496.inbound2
for <???@?????(.)co(.)kr>;Wed, 24 Jul 2024 14:46:40 +0900 (KST) ,
from www5146(.)sakura(.)ne.jp (localhost [127(.).0.1])
by www5146(.)sakura(.)ne.jp (8(.)16.1/8(.)16.1)
with ESMTP id 
or <???>; Wed, 24 Jul 2024 14:46:40 +0900 (JST)
(envelope-from reion-homes@www5146().sakura(.)ne(.)jp),(from reion-homes@localhost)
by www5146(.)sakura(.)ne(.)jp (8.16(.)1/8.16(.)1/Submit) id 46O5ke0649;Wed, 24 Jul 2024 14:46:40 +0900 (JST)(envelope-from reion-homes)
Date: Wed, 24 Jul 2024 14:44:17 +0900
To: ???@?????.co.kr
From: =?UTF-8?Q?=C2=A9cafe24?= <info@cafe24(.)com>
Subject:????
X-TERRACE-DUMMYSUBJECT: Terrace Spam system                                  *
Message-ID: <667c6da2acc666c0fb6ab90394fa1506@cafe24(.)com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="11f1b4f7dc9859c2c15f5cf0be1f5b070"
Content-Transfer-Encoding: 8bit
X-TERRACE-SPAMMARK: NO (SR:3.00)
(by Terrace)                                                   
X-TERRACE-SID: 1721800001.241478.139795873052416(.)mail1

Explanation

Email header analysis
1. Return-Path
Return-path: <reion-homes@www5146(.)sakura(.)ne(.)jp>
The address that receives the bounce message when the mail cannot be delivered
The mail was sent from the address reion-homes@www5146(.)sakura(.)ne(.)jp
The domain sakura(.)ne(.)jp is a service domain provided by Sakura Internet, a Japanese hosting service
2. Received headers
The Received headers show the path of servers the email passed through, in reverse order
Received from: 10(.)0(.)7(.)24 by mail1(.)??(.)com
Sending IP: [10(.)0(.)7(.)24] (a local network IP, so it cannot be checked from outside)
Receiving server: mail1(.)??(.)com (masked domain)
Transfer time: Wed, 24 Jul 2024 14:46:41 +0900 (KST)
Received from: 133(.)167(.)8.56 by inbound2(.)????(.)com
Sending IP: 133(.)167(.)8.56
Receiving server: inbound2(.)????(.)com (masked domain)
Transfer time: Wed, 24 Jul 2024 14:46:40 +0900 (KST)
133(.)167(.)8(.)56 is a real external IP address; checking whether this IP is a Japanese IP makes it possible to estimate the region the mail was sent from
Received from: localhost 127(.)0(.)0(.)1
by www5146(.)sakura(.)ne(.)jp
Sending server: www5146(.)sakura(.)ne(.)jp
Receiving server: localhost [127(.)0(.)0.1] (local server)
Transfer time: Wed, 24 Jul 2024 14:46:40 +0900 (JST)
localhost means the email was generated inside the sending server
Received from: localhost [127(.)0.0(.)1]
by www5146(.)sakura(.)ne(.)jp
The sending information is shown again
Transfer time: Wed, 24 Jul 2024 14:46:40 +0900 (JST)
The email was sent from the local server
3. Spam filter information
X-TERRACE-SPAMMARK: NO (SR:3.00)
Indicates that the spam filter did not classify the message as spam
The SR (Spam Rating) score is 3.00, which is rated as a low probability of spam
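The header checks walked through above, as an added Python example that is not part of the original post: it decodes the From display name, compares the From domain with the Return-Path domain, and walks the Received chain newest-first to find the first peer IP outside loopback and RFC 1918 space. The sample message, its domains and the 203.0.113.56 address are constructed placeholders, and the function names (domain_of, first_external_ip, triage) are hypothetical.

```python
import ipaddress
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr

# Constructed sample shaped like the header above; all domains and the public
# IP (documentation range) are placeholders, not values taken from the page.
SAMPLE = """\
Return-Path: <bounce@www1.hosting.example>
Received: from [10.0.7.24] ([10.0.7.24]) by mail1.recipient.example
 with ESMTP id 1; Wed, 24 Jul 2024 14:46:41 +0900 (KST)
Received: from [203.0.113.56] ([203.0.113.56]) by inbound2.recipient.example
 with ESMTP id 2; Wed, 24 Jul 2024 14:46:40 +0900 (KST)
Received: from www1.hosting.example (localhost [127.0.0.1]) by www1.hosting.example
From: =?UTF-8?Q?=C2=A9brand?= <info@brand.example>
Subject: constructed sample

body
"""

# Loopback plus RFC 1918 space: hops inside the sender's or receiver's network.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def domain_of(value):
    """Lower-cased domain of the address in a From or Return-Path value."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def first_external_ip(msg):
    """Walk Received newest-first; return the first peer IP outside INTERNAL."""
    for hop in msg.get_all("Received", []):
        m = BRACKETED_IP.search(hop)
        try:
            ip = ipaddress.ip_address(m.group(1) if m else "")
        except ValueError:  # no bracketed peer IP, or octets out of range
            continue
        if not any(ip in net for net in INTERNAL):
            return str(ip)
    return None

def triage(raw):
    msg = message_from_string(raw)
    name = str(make_header(decode_header(parseaddr(msg["From"] or "")[0])))
    frm, rpath = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    aligned = rpath == frm or rpath.endswith("." + frm)
    return {"display_name": name, "from_domain": frm, "return_path_domain": rpath,
            "mismatch": not aligned, "first_external_ip": first_external_ip(msg)}
```

A From/Return-Path mismatch is a triage signal rather than proof, since legitimate bulk senders also use separate bounce domains. Only Received lines stamped by the recipient's own servers can be trusted; lines below the first external hop are written by the sender.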
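Site that asks the victim to enter personal information
hxxps://drfelipefeitoza(.)com(.)br/wp
The way to avoid falling for phishing is to make a habit of checking the sender's email address and the link address carefully, and to follow basic security practices; that is how personal information stays safe.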
