Posted on 03/13/2006 9:16:55 AM PST by holymoly
China Construction Bank may not know that a security vulnerability on its server has been exploited
Criminals appear to have hacked a Chinese bank's server and are using it to host phishing sites to steal personal data from customers of eBay Inc. and a major U.S. bank., according to Internet services company Netcraft Ltd.
It may be the first scheme that uses one bank's infrastructure to exploit another bank, said Paul Mutton, an Internet services developer for Netcraft, based in Bath, England.
A user of Netcraft's free phishing toolbar reported receiving a suspicious e-mail, Mutton said. The e-mail led to phishing sites located in hidden directories on a server with IP addresses belonging to the Shanghai branch of China Construction Bank Corp., a state-owned bank with more than 14,000 branches.
One of the phishing sites offered customers of Chase Bank, part of JPMorgan Chase & Co., a chance to receive $20 for filling out a survey. The survey asked for the user's ID and password so the money could be deposited. Further, it requested the person's bank card number, PIN, card verification number, mother's maiden name and their U.S. Social Security number, Netcraft said.
The submitted data is then apparently sent to a form-processing server in India, Netcraft said.
The site pulls images and style sheets from Chase Bank's Web page. The method is known as "hot-linking" or "bandwidth leeching," Netcraft said. But it also leaves a trail, because the server where the images are pulled from retains of log of IP addresses of computers that requested the images, Mutton said.
There doesn't seem to be any advantage to the phishers in using a bank to host the fake page, which doesn't appear as a secure site to the browser. The URL of the site appears as an IP address rather than Chase Bank's domain name, another suspicious indicator.
On Saturday, Netcraft also found a fraudulent eBay log-in page with an IP address registered to the Chinese bank.
The fake eBay page carried a VeriSign seal, which is supposed to take visitors clicking on it to a page on Verisign Inc.'s site vouching for the security of the site. However, the seal vouches for the security of an entirely different site.
China Construction Bank may be unaware that someone has exploited a security vulnerability on its server, Mutton said. It's also possible that the server is infected with a worm that may be allowing unauthorized access, he said.
The scam could also be an inside job. "Anyone who has access to a server, either authorized or unauthorized, could have done it," Mutton said.
Then again, the may know exactly what is going on. They may even be the ones behind it.
I was thinking the same thing: Who says they've been hacked?
Ya think?
"One of the phishing sites offered customers of Chase Bank, part of JPMorgan Chase & Co., a chance to receive $20 for filling out a survey. The survey asked for the user's ID and password so the money could be deposited. Further, it requested the person's bank card number, PIN, card verification number, mother's maiden name and their U.S. Social Security number, Netcraft said."
First those darn Asians buy up all the Gold.
Now this.
You needed a period, right there. ;)
People should remember the old saying: "You can't un-ring a bell."
Your name & SS# are all someone needs to steal your ID. Once your personal/private information is out there, there's no way to get it back.
I got one over the weekend from Bank of America, saying that my account had been frozen & they needed the same info, or checks would bounce. Don't have an account at Bank of America. So I called Bank of America, faxed to them and forwarded it to the FBI.
I know one such person. The idiot gave away his PayPal password, and within seconds they emptied his account and maxed out his credit card. There are plenty of others just as foolish.
I get those all the time. I get paypal notices like that to email accounts I don't have tied to PP.
Weird and weirder...
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.