アマゾンからのメール（迷惑） ( ホームページ ) - 幸四郎の日記

さっき、メールチェックしているとAmazon.comからメールが来ていた。
どうやら、注文に対してカードが使えないというないようのようだ。

待ってくれ、オイラは最近Amazon.comでは買いものしてないぞ！
というわけで、さっそくAmazon.comにログインして購入履歴をチェックする。
すると、最近の購入履歴はない。届いたメールは以下のとうり

Regarding Your Amazon.com Order Order Placed: June 11, 2013
Amazon.com order number: 104-572-9142512
Order Total: $2057.07
Sony VAIO E Series SVE11135CXW 11.6-Inch Laptop (White)
Sony KDL50EX645 50-Inch 1080p 120HZ Internet Slim LED HDTV (Black)
Sony DSC-H200 Digital Camera with 3-Inch LCD (Black)

Payment Problem

We're writing to let you know that we are having difficulty processing your payment for the above transaction. To protect your security and privacy, your issuing bank cannot provide us with information regarding why your credit card was declined. However, we suggest that you double-check the billing address, expiration date and cardholder name that you entered; if entered incorrectly these will sometimes cause a card to decline. There is no need to place a new order as we will automatically try your credit card again.There are a few steps you can take to make the process faster: 1. Verify the payment information for this order is correct (expiration date, billing address, etc). You can update your account and billing information at : https://www.amazon.com/gp/css/summary/edit.html?ie=UTF8&orderID=104-572-9142512 2. Contact your issuing bank using the number on the back
of your card to learn more about their policies. Some issuers put restrictions on using credit cards for electronic or internet purchases. Please have the exact dollar amount and details of this purchase when you call the bank. If paying by credit card is not an option, buy Amazon.com Gift Card claim codes with cash from authorized resellers at a store near you. Visit www.amazon.com/cashgcresellers to learn more. Thank you for shopping at Amazon.com. Sincerely, Amazon.com Customer Service http://www.amazon.com Please note: This e-mail was sent from a notification-only address that cannot accept incoming e-mail. Please do not reply to this message..

ヘッダを見てみると

Return-Path: <dse@docusign.net>
X-Original-To: オイラのアドレス
Delivered-To: オイラのアドレス
Received: from
by mail. (Postfix)
with ESMTP id 67591F408E4 for <オイラのアドレス>;
Wed, 12 Jun 2013 06:13:09 +0900 (JST)
Received: from
by
with ESMTP id r5BLD9lg018089-r5BLD9lh018089 for <オイラのアドレス>;
Wed, 12 Jun 2013 06:13:09 +0900
Received: from localhost.localdomain (localhost [127.0.0.1])
by (Postfix)
with ESMTP id 5E1FDF408E7 for <オイラのアドレス>;
Wed, 12 Jun 2013 06:13:09 +0900 (JST)
Received:
by macheker
Received: from rrcs-70-61-65-195.midsouth.biz.rr.com (rrcs-70-61-65-195.midsouth.biz.rr.com [70.61.65.195]) by (Postfix)
with ESMTP id 2F329F4087B; Wed, 12 Jun 2013 06:11:58 +0900 (JST)
Received: from 70.61.65.195(helo=bvrbmefyynzzjkp.wykoqifpdh.org) by rrcs-70-61-65-195.midsouth.biz.rr.com
with esmtpa (Exim 4.69) (envelope-from ) id 1MMJ3R-3675yb-GE for
Tue, 11 Jun 2013 16:13:06 -0500
Date: Tue, 11 Jun 2013 16:13:06 -0500
From: "Amazon.com Customer Care Service" <payments-update@amazon.com>
X-Mailer: The Bat! (v2.00.2) Educational
X-Priority: 3 (Normal)
Message-ID: <0746214522.SRZOBWCP731151@svupccb.xlwxikidepqgdwd.com>
To: <support@.ne.jp>,
<オイラのアドレス>
Subject: Payment for Your Amazon Order # 104-572-9142512
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----------AAFE8E3E4A475671"

本文だけでは気づかないことが見えてきます。
Return-Path: <dse@docusign.net>
Message-ID: <0746214522.SRZOBWCP731151@svupccb.xlwxikidepqgdwd.com>
ね。おかしいでしょ。amazon.comからでないですよ。

オイラはメールはテキスト表示にしてあります。で、HTMLこどーを見てみると

最初の部分だけですけど

Regarding Your Amazon.com Order

Order Placed: June 11, 2013
Amazon.com order number: <http://www.errezeta.biz/encor/index.html>104-572-9142512
Order Total: $2057.07

<http://www.errezeta.biz/encor/index.html>Sony VAIO E Series SVE11135CXW 11.6-Inch Laptop (White)

<http://www.errezeta.biz/encor/index.html>Sony KDL50EX645 50-Inch 1080p 120HZ Internet Slim LED HDTV (Black)

<http://www.errezeta.biz/encor/index.html>Sony DSC-H200 Digital Camera with 3-Inch LCD (Black)

どうやら、発注番号や商品の画像のところで
<http://www.errezeta.biz/encor/index.html>
に誘導しているように見えますね。トロイの木馬がリンク先にあるようです。リンク部分は一部修正しました
流石にここをクリックしてみる気にはなれませんでしたけど・・・・・

このようなメール気をつけてください

追記
agusで調べてみたところメールの経路偽装の可能性は低いとのこと
だけど発信先へアクセスしてみるとルーターへのログイン画面になる。
また、発信先のドメイン情報では
Warner Bros. Entertainment Inc.
4000 Warner Blvd.
Burbank CA 91522
US
ワーナみたい。怪しいですね