Chinese Bank Network Involved in New Phishing Tactic
Posted by Peter Mucklestone and Stuart Louie
As recently reported by Gregg Keizer at TechWeb News, Netcraft, a U.K.-based internet monitoring company recently uncovered the unauthorized use of China Construction Bank Corp.’s servers by online criminals to host “spoofed sites” in order to dupe customers of American banks and online retailers. China Construction Bank Corp. is one of China’s “Big Four” state-owned banks with more than 14,200 branches across China.
During the phishing attempts which began this past Saturday, email messages were sent to customers of Chase Bank and Ebay that directed them to false Chase and Ebay sites hosted on IP addresses assigned to one of China Construction Bank Corp.’s Shanghai branches. These sites, tucked away in hidden directories on China Construction Bank Corp.’s network, urged Chase customers to fill-out an online survey evaluating Chase’s online banking sites and, in exchange, promised each customer a monetary reward of $20. As is typically in phishing attempts, the customer was asked to provided, among other things, his or her Chase card number, PIN, social security number and other private personal information. Ebay customers, on the other hand, were directed to a false login screen.
The significance of this phishing attempt is two-fold. First, it marks the first time one bank’s network has been used by criminals to steal personal information from another bank’s customers. Second, it reflects the growing emergence of new types of phishing attempts other than fictitious “customer support” emails. In order to protect oneself, Netcraft suggests that users carefully scrutinize the URL in the any potential “phishing” message. If such URL is a raw IP address as opposed to a domain, it is likely that the email is not authentic.
More information here.