Saturday, February 13, 2016

St. Josephs Hospital - Spam Texts

Webmail accounts at may have been hacked and are being used by scammers.

Today I received a text message from
"You have been picked for charity donation"
Reply to:

I visited and several site subdomains (, and the site redirects to and also says it's down for maintenance, which made me suspicious it might not be a legitimate domain affiliated with St. Josephs Hospital, or that it was hacked. Looking at Google page cache showed employee payroll login forms which requested ePay/PeopleSoft Username and Password.
My browser also blocked site access, due to improper site configuration and invalid security certificate.

I became concerned criminals set up a fake/phishing St. Joseph payroll site to harvest employee usernames and passwords to gain access to payroll accounts.

First I checked domaintools site info but saw nothing suspicious.
But I don't know if that's an O or an 0...

I then visited which is the official St. Josephs Hospital website.
On site pages were several links to, so I wondered if the site had been hacked and illegitimate links inserted into page code, to direct employees to an illegal phishing domain.

To get answers I finally called St. Josephs IT Dept.

Their IT guy verified is in fact a legit website used for St Joseph company business, and that it is currently down for maintenance. He also verified the sender email I received the text from - is a legit staff email account.

This leads me to believe at least one of the webmail accounts has been hacked and is being used to send out scam texts and emails. Or, whoever sent me that spam text spoofed their real sender identity. Or, the culprit is a dirty employee working inside St Josephs organization.

Whatever the case, their IT dept assured me they'll check into it to see if any webmail accounts have been breached or are being used to send spam. In the meantime, beware any suspicious texts or emails you receive from

I'm not the only person getting spam from that domain.

Hopefully it won't turn out the entire domain and database was hacked or payroll funds stolen. But that might explain why it's down for maintenance, while the FBI investigates.

Btw Marie Holmes (not Maria) is the name of the now world famous NC Powerball winner.
Subsequently her name has become associated with myriad internet scams.

*Update: I emailed
Received a reply from

The gist of it...
"I am Marie Holmes... I was one of the three $188 million winner of the $564 million jackpot... your profile was selected randomly from Google team and i believe GOD picked you for this donation just to bless your family like mine.... We may not know you, but i believe you were chosen by God to receive our donation of 2 MILLION dollars..."

I'm guessing Marie's next brilliant move is to try to pry my banking username, password etc from me, so she can wire me that very generous $2,000,000 charity donation.

*Update: I was told to contact "Santander Consumer Bank" at to collect the donation.

I think is an old ATT ISP-based email service? Who knows.

Anyway, here's the reply I got from "SCB Bank" (

Dear Customer,
Please find the Santander Consumer Bank Online Account Opening Application Form, to be properly filled and submitted, alongside a means of IDENTIFICATION (Driver's License, Passport or National ID). With the aid of our online banking system, transfers can be initiated to any account of  your choice locally or Internationally from your Santander Consumer Bank Account.

Important: Please note that an initial deposit of 340 USD is required for completing the account setup procedure for Online Account Maintenance Fee which is "REFUNDABLE" any time applicant wishes to close His/Her account with us. Account setup takes 24 Banking hours upon receiving the filled copy of  the Online Account Opening Application Form containing Applicant's data.

Eragbai Alonzo Abu
Accounting Officer

So basically these thieves would like to steal my identity, drain my bank account, and collect $340 all in one fell swoop.

In other (unrelated?) cyberwar news...

A Los Angeles hospital paid a ransom of nearly $17,000 in bitcoins to hackers who infiltrated and disabled its computer network because paying was in the best interest of the hospital and most efficient way to solve the problem.

*Update: 10/11/16
St. Joseph Health System Confirms Data Security Incident

PS: I am SO SORRY PEOPLE for linking to that article.
As you can see in the screen shot below, they're not real happy about my browser configurations....
