꿈을꾸는 파랑새

오늘은 중국 2023년 개인소득세 신고에 관한 공지 사칭 피싱 메일에 대해 분석을 해 보겠습니다.
일단 개인적으로 중국어를 전혀 하지 못하는 관계로 일단 OCR를 떠서 내용을 적어 봅니다.
일단 해당 이메일에 적혀져 있는 내용은 다음과 같습니다.

피싱 메일에 포함된 이메일 내용
피싱 메일에 포함된 이메일 내용

国家税努总局文件
政策编号:【2023】10
2023年针对个人所得税申报通知
为切166护纳税人合法权益,进一步落实好专项附加扣除政策,根据个人所得税法及其
实施条例和税收管理法及其实施细则有关规定,现就办理2023年度综合个人所得税汇算清 缴申报工作有关事项通知如下:
一、申报丨[^对象:全体员工。
二、办理方式:支付宝/微信扫码进入税努大厅/彳^程序办里
三、申请成功后,将返还近三年内所缴纳个税金额百分之七十。
四、逾期未办理将影响征信系统!收到通知后尽快办理。
力^汇篝清激时间:2023年12月1日至12月30曰期间无需预约,可直接办理^
支付宝7微信扫码进入」瑕序在线办理
구글 번역기의 도움을 받아서 번역을 하면 다음과 같이 번역을 할수가 있습니다.
국가 세무 관리 문서
정책 번호: [2023]10
2023년 개인소득세 신고에 관한 공지
납세자의 정당한 권리와 이익을 보호하고 개인소득세법 및 해당 법률에 따라 특별 추가 공제 정책을 추가로 시행하기 위해
시행규정 및 조세행정법 및 시행세칙 관련 규정에 의거 2023년 종합개인소득세 확정납부 및 신고업무 처리에 관한 사항을 다음과 같이 공고합니다.
1.선언丨[^대상 : 전 임직원.
2.처리 방법: Alipay/WeChat을 통해 QR 코드를 스캔하여 세금 누 홀/彳^ 절차 사무소에 입장하세요.
3.신청이 성공적으로 완료되면 지난 3년간 납부한 개인세금의 70%를 환급해 드립니다.
4.마감일 이후에 신청하지 않을 때 신용평가 시스템에 영향을 미칠 수 있습니다! 통보를 받고 최대한 빨리 처리해 주시기 바랍니다.
리후이 본칭거 시간: 2023년 12월 1일부터 12월 30일까지 예약이 필요 없으며 직접 신청 가능합니다.^
Alipay 7 WeChat에서 QR 코드를 스캔하여 온라인 주문 처리에 들어갑니다.

피싱 메일 내용
피싱 메일 내용

Alipay/WeChat 같은 내용을 보니까 알리 페이 관련해서 사기를 치는 것을 같습니다. 그리고 여기서 QR 코드를 스캔해서 접속을 해보면 다음과 같은 사이트로 이동합니다.

http://asa(.)thfewyeeya(.)bond

이메일 제목은 다음과 같습니다.
逾期将影响你的征信系统,请及时处理!
연체는 귀하의 신용 보고 시스템에 영향을 미치므로 제때에 처리하시기 바랍니다!
일단 이메일 헤더 내용은 다음과 같습니다.

이메일 헤더 내용
이메일 헤더 내용

Authentication-Results: w10.tutanota(.0de (dis=spam; info=dkim required Headers unsigned);
dmarc=pass (dis=neutral p=quarantine; aspf=r; adkim=r; pSrc=config)
header.from=gd-helpdesk(.)com;
dkim=pass (required headers unsigned: subject)
header.d=gd-helpdesk(.)com header.s=650CC10C-1222-11EA-B06B-8F358327F85C header.b=L6uF430e
Received: from w4(.)tutanota.de ([192.168(.)1(.)165])
by tutadb.w10.tutanota(.)de
with SMTP (SubEthaSMTP 3.1(.)7) id LQEBR0NV
for ????@tutanota(.)com; Wed, 20 Dec 2023 23:07:50 +0100 (CET),
from mail.gd-helpdesk(.)com (mail.gd-helpdesk(.)com [94.202.38(.)155])
by w4.tutanota(.)de (Postfix) with ESMTPS id EF9401060162
for <????@tutanota(.)com>; Wed, 20 Dec 2023 22:07:49 +0000 (UTC),from localhost
(localhost [127.0.0(.)1])
by mail.gd-helpdesk(.)com (Postfix) with ESMTP id 4221B3FFCB1
for <????@tutanota(.)com>; Wed, 20 Dec 2023 23:38:46 +0400 (+04)
from mail(.)gd-helpdesk(.)com ([127.0.0(.)1])
by localhost (mail.gd-helpdesk(.)com [127.0.0(.)1])
(amavisd-new, port 10032)
with ESMTP id C3T73RO8EEwB for <???@tutanota(.)com>;Wed, 20 Dec 2023 23:38:46 +0400
(+04),from localhost (localhost [127.0.0(.)1])
by mail.gd-helpdesk(.)com (Postfix) with ESMTP id E14CC434273
for <?????@tutanota(.)com>; Wed, 20 Dec 2023 23:27:03 +0400 (+04),
from mail(.)gd-helpdesk(.)com ([127.0.0(.)1])
by localhost (mail(.)gd-helpdesk(.)com [127.0.0(.)1])
(amavisd-new, port 10026)
with ESMTP id tKM9KZv3NmQ3 for <?????@tutanota(.)com>;
Wed, 20 Dec 2023 23:27:03 +0400 (+04),from ghjkmn (unknown [106.46.163(.)67])
by mail.gd-helpdesk(.)com (Postfix) with ESMTP id 83EB235BBA9
for <????@tutanota(.)com>; Wed, 20 Dec 2023 23:17:12 +0400 (+04)
Received-SPF: Fail (mailfrom) identity=mailfrom; client-ip=94.202(.)38(.)155;
helo=mail(.)gd-helpdesk(.)com; envelope-from=xieyangxing@gd-helpdesk(.)com; receiver=<UNKNOWN> 
DKIM-Filter: OpenDKIM Filter v2.10.3 mail.gd-helpdesk(.)com E14CC434273
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gd-helpdesk(.)com;
s=650CC10C-1222-11EA-B06B-8F358327F85C; t=1703100423;
bh=p1AaK3fzoXWPfwZtYryLpKlHZ9ZjPNYc/kq4gygUkTg=;
h=From:To:Message-ID:Date:MIME-Version;	b=L6uF430eqHmt(+)E57L4nHVKgTvI/
0OkurbNIEuPkXV4fhjV9a6LSLGATjuLwHoq8eg	 rbSi2v6rZJ/O3ozHzdnbzZSmpHCenYS8VmbvH(J)v9/
Ub/J63rQaU9WSC5COkoLzYeTk
RbO6AS5GdJSsqk2lyOVT8GPf66FnmC+jrd4glTJ5(O)It4
0UCW2RvfHa4glFJLRWiXq0
rYBTGBBTDQHjhhMLbYDy/gK0KNFqYxBchh6PHnVhhqM(b)vXDnWX/qk7g/uDiuefutR7
WnYGYEaa1XhyK9B/6vGuPBAFB14n//NpHolqKORe8Fx+BH(f)yF1J3hh87XrhQnLsPmR
qk45OJGjqbu(0)Q==
X-Virus-Scanned: amavisd-new at gd-helpdesk(.)com
From: 蔡笛华 <Xieyangxing@gd-helpdesk(.)com>
To: "?????" <?????@tutanota(.)com>
Subject: =?gb2312?(B)?0+LG2r2r07DP7MTjtcTV99DFz7XNsyzH67yw?=
=?gb2312?B?yrG0psDt(I)Q==?=
Message-ID: <5063154e5766957929555b46b066f586@gd-helpdesk(.)com>
Date: Thu, 21 Dec 2023 03:22:39 +0800
MIME-Version: 1.0
X-Priority: 3
Content-Type: multipart/related; boundary="------------79Bu5A16qPEYcVIZL@tutanota"

이메일 헤더 설명

1.Authentication-Results: 해당 부분은 이메일의 인증 결과를 제공
여기에는 세 가지 인증 메커니즘에 대한 정보가 포함되어 있음
SPF (Sender Policy Framework):해당 부분에서는 SPF 검사 결과가 Fail 로 나타나며 메일 송신자의 IP 주소가 허용되지 않은 것으로 나타남
DMARC (Domain-based Message Authentication, Reporting, and Conformance): DMARC 검사 결과가 pass로 나타나며 해당 정책은 quarantine 로 설정 해당 DMARC 에 따라 중요한 도메인에서 발송된 메일 중 인증되지 않은 메일을 스팸함 으로 이동시키는 정책을 의미
DKIM (DomainKeys Identified Mail):DKIM 검사 결과가 pass로 나타나며, DKIM 서명이 유효함을 나타냄
2.Received:해당 부분은 이메일이 전송된 서버 간의 통신 정보를 제공 해당 헤더는 여러 단계의 서버를 통과한 것으로 보이며 각 서버에서의 처리 및 시간 정보가 기록되어 있음
3.Received-SPF:SPF 검사 결과를 나타내며 여기서는 SPF 검사가 실패했다는 것을 나타냄
4.DKIM-Signature:DKIM 서명에 대한 정보를 포함
DKIM은 이메일이 송신자의 도메인에서 출처 되었음을 검증하는 데 사용.
5.X-Virus-Scanned: 이메일이 바이러스 스캔 되었는지를 나타냄
6. From, To, Subject, Message-ID, Date, MIME-Version, X-Priority, Content-Type: 이메일의 기본 정보를 나타냄 보내는 사람, 받는 사람, 제목, 메시지 ID, 날짜, MIME 버전, 우선순위, 내용 형식 등이 여기에 포함
7. Content-Type: 메일의 본문 형식을 나타냄 여기서는 multipart/related로 다중 부분으로 이루어진 메일을 나타냄
즉 중국과 관련 사업 등을 하시는 분들은 조심할 필요가 있습니다.

728x90
그리드형

공유하기

facebook twitter kakaoTalk kakaostory naver band