SpamBITS

As n AllTime Treasury user I am informed about an unauthorized usage of my bank account. The spam email politely explains why they are asking to confirm my ebanking access.
Following is the email text:

Pacific Capital Bancorp

Dear AllTime Treasury user,

As part of our security measures, we regularly screen activity in the
AllTime Treasury system. We recently contacted you after noticing an issue
on your account. We requested information from you for the following reason:
Our system detected unauthorized use of a bank account linked to ebanking
accounts.

Attention for all AllTime Treasury users!

This is a reminder to log in to AllTime Treasury as soon as possible.

Be sure to log in securely by hyperlink below. Once you log in, you will be
provided with new account design and steps to confirm your account access.
We appreciate your understanding as we work to ensure account safety.
Login by clicking here:
https://alltimetreasury.pacificcapitalbank.com/
We thank you for your prompt attention to this matter. Please understand
that this is a security measure intended to help protect you and your
account. We apologize for any inconvenience.
Pacific Capital Bancorp is the parent company of Pacific Capital Bank, N.A.,
a nationally chartered bank that operates 50 branches under the highly
recognized brand names of Santa Barbara Bank & Trust, First National Bank of
Central California, South Valley National Bank, San Benito Bank, Pacific
Capital Bank, and, First Bank of San Luis Obispo.

Sincerely,
Pacific Capital Bancorp Support Department

Copyright Š 2006. Pacific Capital Bank. N.A. All Rights
Reserved.
This information is not an official record of
your accounts and transactions at Pacific Capital Bank, N.A. or any other
financial institution.

The sender of the message claims to be:
“Global Markets & Investment Banking Group - Pacific Capital Bancorp”
but looking at email headers we will see that the return address is:
Return-Path:

Where the link points to? Of course not to the bank web site. It starts with:
http://alltimetreasury.pacificcapitalbank.
but the rest of the long URL is:
tekportfolio.servlet.tbuicontroller.tpuiaction.
logon25739368.m5gg.com/TB_QUEST_Controller.htm
The real domain is:
m5gg.com
The domain is with IDProtect enabled and is bought from:
REGISTER.COM, INC.

Current name servers of the domain m5gg.com (at the moment of writing) are:
NS1.BIGBADBOLD.COM
NS2.BIGBADBOLD.COM

If you are a client of the bank - be aware and delete this email as soon as you received it. Do not follow the links or enter any sensitive information on suspicious web sites.

Hope you find the info useful.