Saturday, February 13, 2016

St. Josephs Hospital - Stjoe.org Spam Texts


Webmail accounts at stjoe.org may have been hacked and are being used by scammers.

Today I received a text message from susan.hanlonledbetter@stjoe.org
Message:
"You have been picked for charity donation"
Reply to: mariaholmes2015@yahoo.ca



I visited stjoe.org and several site subdomains (myhr.stjoe.org, carenet.stjoe.org). The site redirects to stjhs.org and also says it's down for maintenance, which made me suspicious that it might not be a legitimate domain affiliated with St. Josephs Hospital, or that it was hacked. The Google page cache showed employee payroll login forms which requested ePay/PeopleSoft Username and Password.
 
My browser also blocked site access, due to improper site configuration and an invalid security certificate.

I became concerned criminals set up a fake/phishing St. Joseph payroll site to harvest employee usernames and passwords to gain access to payroll accounts.

First I checked domaintools site info but saw nothing suspicious.
But I don't know if that's an O or an 0...

I then visited sjo.org which is the official St. Josephs Hospital website.
On site pages were several links to stjoe.org, so I wondered if the site had been hacked and illegitimate links inserted into page code, to direct employees to an illegal phishing domain.

To get answers I finally called St. Josephs IT Dept.

Their IT guy verified stjoe.org is in fact a legit website used for St Joseph company business, and that it is currently down for maintenance. He also verified that the sender email I received the text from is a legit staff email account.

This leads me to believe at least one of the stjoe.org webmail accounts has been hacked and is being used to send out scam texts and emails. Or, whoever sent me that spam text spoofed their real sender identity. Or, the culprit is a dirty employee working inside St Josephs organization.

Whatever the case, their IT dept assured me they'll check into it to see if any webmail accounts have been breached or are being used to send spam. In the meantime, beware of any suspicious texts or emails you receive from stjoe.org.

I'm not the only person getting spam from that domain.

http://antifraudintl.org/threads/susan-ledbetter-attorney.102903/

Hopefully it won't turn out the entire domain and database was hacked or payroll funds stolen. But that might explain why it's down for maintenance, while the FBI investigates.

Btw Marie Holmes (not Maria) is the name of the now world famous NC Powerball winner.
Subsequently her name has become associated with myriad internet scams.
___________________________________________________

*Update: I emailed mariaholmes2015@yahoo.ca
Received a reply from mariaholmes2015@gmail.com

The gist of it...
"I am Marie Holmes... I was one of the three $188 million winner of the $564 million jackpot... your profile was selected randomly from Google team and i believe GOD picked you for this donation just to bless your family like mine.... We may not know you, but i believe you were chosen by God to receive our donation of 2 MILLION dollars..."

I'm guessing Marie's next brilliant move is to try to pry my banking username, password etc from me, so she can wire me that very generous $2,000,000 charity donation.
___________________________________________________

*Update: I was told to contact "Santander Consumer Bank" at scbbank@snet.net to collect the donation.

I think snet.net is an old ATT ISP-based email service? Who knows.

Anyway, here's the reply I got from "SCB Bank" (scbbank@snet.net):

Dear Customer,
Please find the Santander Consumer Bank Online Account Opening Application Form, to be properly filled and submitted, alongside a means of IDENTIFICATION (Driver's License, Passport or National ID). With the aid of our online banking system, transfers can be initiated to any account of  your choice locally or Internationally from your Santander Consumer Bank Account.

Important: Please note that an initial deposit of 340 USD is required for completing the account setup procedure for Online Account Maintenance Fee which is "REFUNDABLE" any time applicant wishes to close His/Her account with us. Account setup takes 24 Banking hours upon receiving the filled copy of  the Online Account Opening Application Form containing Applicant's data.

Sincerely,
Eragbai Alonzo Abu
Accounting Officer


So basically these thieves would like to steal my identity, drain my bank account, and collect $340 all in one fell swoop.

In other (unrelated?) cyberwar news...

A Los Angeles hospital paid a ransom of nearly $17,000 in bitcoins to hackers who infiltrated and disabled its computer network because paying was in the best interest of the hospital and most efficient way to solve the problem.

latimes.com

*Update: 10/11/16
St. Joseph Health System Confirms Data Security Incident

PS: I am SO SORRY PEOPLE for linking to that Latimes.com article.
As you can see in the screen shot below, they're not real happy about my browser configurations....



