A Chinese bank, The China Construction Bank (CCB) Shanghai Branch, is hosting phishing sites targeting U.S banks and financial institutions. Phishing emails targeting customers of Chase Bank and eBay were directed to sites hosted on IP addresses assigned to the bank.


A Chinese bank, The China Construction Bank (CCB) Shanghai Branch, is hosting phishing sites targeting U.S banks and financial institutions. Phishing emails targeting customers of Chase Bank and eBay were directed to sites hosted on IP addresses assigned to the bank.

According to Netcraft, the phishing pages were located in hidden directories with the server’s main page.

The attack on Chase Bank offers recipients of the email a chance to earn $20 by completing a survey. The survey consists of a series of questions about the usability of Chase online banking site. This is followed by a request for the user’s ID and password, to deposit the $20.

The form also requests the customer’s bankcard number, PIN number, card verification number, mother’s maiden name and Social Security number. The data that is submitted is sent to a free form processing service based on a server in India.

The same IP address was also used to host a page phishing the eBay login screen.

Both attacks are blocked by the Netcraft Toolbar, a free anti-phishing tool for IE and Firefox users.

For more information on the phishing attacks, click here.

To download the Netcraft Toolbar, click here.

 

 

 

 

Sharing is caring