TOKYO (MacHouse) – There is little that we know about Sterling Savings Bank. (Screenshot 01 shows the index page of bank’s website.) Its headquarters are located in Spokane, Washington, USA. The bank has branches in such states as Washington, Idaho, Oregon and Montana. We learned about the existence of this financial institution only a few hours ago. The Sterling Savings Bank is the latest phishing target.
 Screenshot 01 – Source: Sterling Savings Bank |
 Screenshot 02 – Source: MacHouse |
 Screenshot 03 – Source: Unknown |
An organized cyber scum group has circulated at least one spam message randomly targeting Sterling Savings Bank. The subject line of the spam message says
Attention – Important Customer Information
The body of the message indicates that the ‘Net Banking account’ of the recipient is about to expire. Therefore, he or she is urged to update their account by accessing
http://updates.sterlingsavingsbank.com/onlineserv/CM
But there is no host at this URL. The underlying URL behind it is actually http://89.187.49.10/onlineserv/CM/. And that’s where a phishing website is set up to steal account information from Sterling Savings Bank’s online banking customers.
Screenshot 04 shows the phishing website hosted at http://89.187.49.10/onlineserv/CM/. It doesn’t resemble the genuine login page of Sterling Savings Bank’s website at all. (See Screenshot 05.) If you enter login information and click on the Submit button, you will end up at an error page. (See Screenshot 06.)
 Screenshot 04 – Source: http://89.187.49.10 |
 Screenshot 05 – Source: Sterling Savings Bank |
 Screenshot 06 – Source: http://89.187.49.10 |
So where is this phishing website hosted? The IP address of 89.187.49.10 shown in the URL indicates that the phishing website may be hosted by an unidentified web hosing company in Moldova. The IP address of 89.187.49.10 is actually that of the hosting web server itself.
We will have a more detailed report soon.
References
