"This is the first instance we've seen of one bank's infrastructure being used to attack another institution," said Netcraft.
The company revealed that the phishing emails sent over the weekend targeted customers of Chase Bank in the US and eBay, and were directed to sites hosted on IP addresses assigned to the Shanghai branch of the China Construction Bank.
"The phishing pages are located in hidden directories with the server's main page displaying a configuration error," said Netcraft.
Recipients of the emails were offered the chance to earn $20 by filling out a user survey which presented a series of questions.
This was followed by a request for user ID and password so that the $20 'reward' could be deposited into the proper account.
The form also requested the victim's bankcard number, Pin, card verification number, mother's maiden name and Social Security number. Any data submitted was then sent to a free form processing service on a server in India.
One giveaway was that the URL in the phishing email used an IP address rather than a domain, typically a strong indicator of a phishing site.
Netcraft warned that the same IP address at the China Construction Bank in Shanghai was used over the weekend to host a page spoofing the eBay log-in screen.
- Can you spot a phishing email? Take the Phishing IQ Test
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago