
September 30, 2008

Phishing Website Found Targeting Sterling Savings Bank Customers Part 2 + Discovery of First Banks Phishing Website

Filed under: Internet security — Administrator @ 6:33 am






TOKYO (MacHouse) - As we reported earlier, Sterling Savings Bank is the latest target of a phishing scam. An organized cyber scum group circulated a spam message at 01:00 AM (US Pacific Summer Time), September 30. (See Screenshot 01.) The message urges the recipient to update their online account. Clicking the link given in the message forwards the recipient to a phishing website hosted at http://89.187.49.10/onlineserv/CM/.

An interesting aspect of this phishing message is its origin. The message indicates that the sender’s e-mail address is system@sterlingsavings.digitalinsight.com. But why does the spammer designate the e-mail server of digitalinsight.com rather than sterlingsavingsbank.com? According to Digital Insight’s website, they are ‘the leading provider of online banking services to mid-market banks and credit unions in the United States’. (Screenshot 02 shows the index page of Digital Insight’s website.) This statement explains the connection between Sterling Savings Bank and Digital Insight.





Screenshot 01 - Source: MacHouse
Screenshot 02 - Source: Digital Insight
Screenshot 03 - Source: MacHouse






Screenshot 03 shows the HTML source code of the phishing message. The phishing message looks as if it originated from system@sterlingsavings.digitalinsight.com. But the web server leading to digitalinsight.com has the IP address of 208.2.188.3, and it’s hosted in Westlake Village, California. The source code shows no indication that the message originated from this IP address. The only IP address we see is 65.217.184.185, which belongs to a network company in Armonk, New York. In fact, the actual origin of the spam message may be Eastern Europe. The spammer seems to have sent out the phishing message at 08:00:09. That is 2 hours ahead of Greenwich Mean Time, although the time zone of +00:00 indicates otherwise. There are many countries under GMT+2. The Republic of Moldova is one of them.
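The header comparison described above, together with the bare-IP link noted at the start of this post, can be automated for triage. The following is an added example, not code from MacHouse; the sample message is constructed (only the From address, the 65.217.184.185 relay, the 208.2.188.3 server address and the link URL come from this post), and treating the web server's address as the expected sending address is an assumption.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample: hostnames, Subject, the 10.0.0.5 hop and body text are made up.
SAMPLE = """\
Received: from relay.example.net (unknown [65.217.184.185])
\tby mx.recipient.example with SMTP
Received: from workstation (unknown [10.0.0.5])
\tby relay.example.net with SMTP
From: Sterling Savings Bank <system@sterlingsavings.digitalinsight.com>
Subject: Update your online account
Content-Type: text/html

<html><body><a href="http://89.187.49.10/onlineserv/CM/">Update</a>
<a href="https://www.example.com/help">Help</a></body></html>
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
HREF = re.compile(r"href=[\"']([^\"']+)[\"']", re.I)

def parse_ip(text):
    """Return an ip_address object, or None if text is not a valid IP."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def triage(raw, expected_sender_ips):
    """Compare the claimed sender with the relays and links actually present."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    relay_ips = []
    for header in msg.get_all("Received", []):
        for candidate in BRACKETED_IP.findall(header):
            ip = parse_ip(candidate)
            # Private or reserved hops say nothing about the public origin.
            if ip and ip.is_global and str(ip) not in relay_ips:
                relay_ips.append(str(ip))
    body = "".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    hosts = [urlparse(url).hostname or "" for url in HREF.findall(body)]
    return {
        "from_domain": from_domain,
        "relay_ips": relay_ips,
        # Assumption: expected_sender_ips lists addresses the real sender uses.
        "relay_matches_sender": any(ip in expected_sender_ips for ip in relay_ips),
        "ip_literal_links": [h for h in hosts if parse_ip(h)],
    }

if __name__ == "__main__":
    print(triage(SAMPLE, {"208.2.188.3"}))
```

In practice the expected sending addresses would come from the sender domain's published mail records rather than from its web server address.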





Screenshot 04 - Source: MacHouse






As we stated earlier, the web server hosting the phishing website is traced to 89.187.49.10. The server location is Moldova. If we access this IP address, we find another phishing website, this one targeting First Banks customers. Whoa, that’s an unexpected and accidental discovery of a new phishing website.












References:

Phishing Website Found Targeting Sterling Savings Bank Customers Part 1
Beware of First Bank Phishing Website - Odd Combination of North Korea, Iran and Russia
Beware of Phishing Mail / Website Targeting First Banks Customers




