We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,108 News Articles

Hacked bank server hosts phishing sites

Scam could be an inside job

Criminals appear to have hacked a Chinese bank's server and are using it to host phishing sites to steal personal data from customers of eBay and a major US bank, according to internet services company Netcraft.

It may be the first scheme that uses one bank's infrastructure to exploit another, said Paul Mutton, an internet services developer at Netcraft, based in Bath.

A user of Netcraft's free phishing toolbar reported receiving a suspicious email, Mutton said. The email led to phishing sites located in hidden directories on a server with IP addresses belonging to the Shanghai branch of China Construction Bank, a state-owned bank with more than 14,000 branches.

One of the phishing sites offered customers of Chase Bank, part of JPMorgan Chase, a chance to receive $20 (about £12) for filling out a survey. The survey asked for the user's ID and password so the money could be deposited. Furthermore, it requested the person's bank card number, PIN, card verification number, mother's maiden name and US social security number.

The submitted data is then apparently sent to a form-processing server in India, Netcraft said.

The site pulls images and style sheets from Chase Bank's web page. The method is known as 'hot-linking' or 'bandwidth leeching', Netcraft said. But it also leaves a trail, as the server where the images are pulled from retains a log of IP addresses of computers that requested the images.

There doesn't seem to be any advantage to the phishers in using a bank to host the fake page, which doesn't appear as a secure site to the browser. The URL of the site appears as an IP address rather than Chase Bank's domain name – another suspicious indicator.

On Saturday, Netcraft also found a fraudulent eBay login page with an IP address registered to the Chinese bank.

The fake eBay page carried a VeriSign seal, which is supposed to take visitors clicking on it to a page on Verisign's site vouching for the security of the site. However, the seal used vouches for the security of an entirely different site.

China Construction Bank may be unaware that someone has exploited a security vulnerability on their server, Mutton said. It's also possible that the server is infected with a worm that may be allowing unauthorised access, he added.

The scam could also be an inside job. "Anyone who has access to a server, either authorised or unauthorised, could have done it," Mutton said.


IDG UK Sites

Windows 9 release date, price, features: Microsoft teases new OS ahead of 30 September unveiling

IDG UK Sites

From the iPhone 6 to the iWatch and a new Apple TV we look at the products Apple is set to launch...

IDG UK Sites

September 2014 creative trends: 5 things you must see

IDG UK Sites

What to expect from Apple in autumn/winter 2014: iPhone 6, iPhone Air, iWatch, iPad 6, new Apple...