“Steward Bank” Online Banking Phishing

A phishing email is doing the rounds, targeting Steward Bank Zimbabwe existing and potential customers.

The phishing emails are being sent from the email address [email protected] which is hosted on the domain zwstewardbk.org. The domain is hosted by Frikkadel South Africa, https://frikkadel.co.za/.

Once a user clicks on the link in the email, the email directs to the landing page hxxps://www.stewardbankzw.online/bankingstewardbanklogin2.html requesting the user to enter username and password to receive an OTP. Once a password has been entered and the user clicks on the “Get OTP” button, the user is redirected to another page which this time has the fields that require a user to enter the following details:

  • Card Number:
  • Card Pin:
  • E-Mail:
  • Date of Birth:
  • Address Line 1:
  • Address Line 2:
  • City:
  • State:
  • Country:
  • Phone

After completing all the required fields, and clicking on the “Get OTP” button, the user is directed to the page hxxps://www.stewardbankzw.online/bankingstewardbanklogin3.html which contains a fake success message that reads as follows: “

Take special care to ensure that you have verified if you are accessing the correct domain as the phishing domain may look similar if seen passively, and has a valid RSA SSL certificate issued on 21 June 2021 and expires on 20 September 2021. If you had by any chance received this email and entered your information, please engage Steward Bank customer service immediately to restrict your account. Steward Bank does not request you to disclose your personally identifiable information online.

Also note that the correct Steward Bank Zimbabwe domain is https://www.stewardbank.co.zw/ and the correct Online Banking URL is https://banking.stewardbank.co.zw/login#/; whilst the phishing domain is hxxps://www.stewardbankzw.online/ and the Online Banking phishing URL is hxxps://www.stewardbankzw.online/bankingstewardbanklogin2.html.

Leave a Reply

Your email address will not be published. Required fields are marked *