US BANK Online – Scam

Scammer Spammer

Here we have an email that looks like it could be legit, but is far from that.

FromU.S. Bank Online <usbank@thejarviscompany.com>
To***@*************.***
DateToday 13:4

*******************************************************

Several Red Flags Found & The First One is Obvious

  • FROM: U.S. Bank Online <usbank@thejarviscompany.com> – The Jarvis Company is not even related to banking first of all and is located in Washington DC. Why would they be sending email for USBANK and is a RED FLAG
  • This email came from an email server the scammer setup at home and is spoofing a domain name. – The Email comes from IP ADDRESS 75.117.164.126 – Which is located in London, England. Further more the address translates to h126.164.117.75.dynamic.ip.windstream.net which is a dynamic(Changing IP Address). Legitimate email servers are setup with Static IPs and will also have a MX record that would match. Only scammers/spammers/thieves send email from email servers with Changing IP Addresses since they do not accept incoming email and this is a way to try and hide, However many spam systems will detect this email as Junk because of this. This IP Address is maintained by Windstream-London.
  • Most of the links in the email looked legit and also pointed to usbank.com except one. The link for VIEW YOUR RECEIPT points somewhere completely different. inspirionlabs_com with some server side directives included. Is this a scammer site? or is this a Site that was hacked and now being used to infect people with a Virus? The domain has been in use since 2009, however it was updated to 2/25/2019. Coincidence or not? Same day of the this spam….
  • inspirionlabs_com website resides on the GoDaddy Network and possibly a hacked site. I see more and more scammers and hackers abusing GoDaddy. Why is this? Do they have security flaws they are unaware of? It appears that many sites get hacked and scammers operate through GoDaddy Services and is a growing trend vs other hosts we see being abused.


Leave a Reply