Sino-Russian conspiracy: Domains used to steal bank account credentials


Russian cybercriminals hiding behind fake Chinese WHOIS have launched sophisticated phishing attacks.

Targeting owners of major US bank accounts, the attacks involve the registration of domains resembling those of financial institutions; most of these domains are registered with Chinese domain registrars.

Chase Bank is one such example we covered; Wells Fargo is another.

American Express is now targeted in an attempt to steal valuable account credentials, and while the WHOIS info for the domain is Chinese, the hosting servers are in Russia.

In this case, the portal of American Express has been replicated; the moment an unsuspecting victim enters their information as instructed in the phishing email, their credentials are sent to the cybercriminals operating this scheme.

Cybercriminals created this fake portal of American Express.

The following domain names are being used by the same scammers, registered with the Chinese domain registrar, TodayNIC.

To avoid having your financial account credentials – and your money – stolen, never click on email links, no matter how persuasive they seem to be. Always visit the web site of your bank by typing it directly into the web browser.
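For mail filtering or link triage, the same rule can be automated. The sketch below is an added example, not code from the original article: it checks whether a link's host is one of the real domains of the three banks named above or merely resembles one. The sample URLs are constructed, and the thresholds and the digit-folding table are assumptions.

```python
from urllib.parse import urlsplit

# Real domains of the three banks named in the article.
BANK_DOMAINS = ("americanexpress.com", "chase.com", "wellsfargo.com")
FOLD = str.maketrans("0135", "oles")  # assumed set of digit-for-letter swaps

def edit_distance(a, b):
    """Levenshtein distance, computed with two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url):
    """Return 'legitimate', 'lookalike' or 'unrelated' for a link's host."""
    host = (urlsplit(url if "://" in url else "//" + url).hostname or "").rstrip(".")
    # Only the exact domain or a true subdomain of it counts as the bank.
    if any(host == d or host.endswith("." + d) for d in BANK_DOMAINS):
        return "legitimate"
    tokens = [t.translate(FOLD) for t in host.replace("-", ".").split(".") if t]
    squashed = "".join(tokens)
    for brand in (d.split(".")[0] for d in BANK_DOMAINS):
        # Short names such as "chase" occur inside ordinary words ("purchase"),
        # so only long brand names are matched as substrings.
        if len(brand) >= 8 and brand in squashed:
            return "lookalike"
        limit = 1 if len(brand) < 8 else 2
        if any(edit_distance(t, brand) <= limit for t in tokens):
            return "lookalike"
    return "unrelated"

if __name__ == "__main__":
    # Constructed sample links; the .example hosts are placeholders.
    for link in ("https://www.americanexpress.com/",
                 "http://americanexpress-verify.example/login",
                 "http://amer1canexpress.example/",
                 "https://americanexpress.com.account.example/",
                 "https://purchase.example/"):
        print(f"{classify_link(link):10} {link}")
```

A "legitimate" result only says the host belongs to the bank's domain; it does not vouch for the scheme, the certificate or the message the link arrived in.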

Copyright © 2019 · All Rights Reserved.
