Chinese bank caught hosting phishing sites

Phishing emails sent over the weekend targeted customers of Chase Bank and eBay

Web monitoring firm Netcraft has warned that a web server belonging to a state-operated Chinese bank is hosting phishing sites targeting US banks and financial institutions. 

"This is the first instance we've seen of one bank's infrastructure being used to attack another institution," said Netcraft.

The company revealed that the phishing emails sent over the weekend targeted customers of Chase Bank in the US and eBay, and were directed to sites hosted on IP addresses assigned to the Shanghai branch of the China Construction Bank. 

"The phishing pages are located in hidden directories with the server's main page displaying a configuration error," said Netcraft.

Recipients of the emails were offered the chance to earn $20 by filling out a user survey which presented a series of questions.

This was followed by a request for user ID and password so that the $20 'reward' could be deposited into the proper account.

The form also requested the victim's bankcard number, Pin, card verification number, mother's maiden name and Social Security number. Any data submitted was then sent to a free form processing service on a server in India.

One giveaway was that the URL in the phishing email used an IP address rather than a domain, typically a strong indicator of a phishing site.

Netcraft warned that the same IP address at the China Construction Bank in Shanghai was used over the weekend to host a page spoofing the eBay log-in screen.

• Can you spot a phishing email? Take the Phishing IQ Test