China: ISP level Gmail phishing

Over the past few days, many Chinese internet users have reported that when they try to access their Gmail accounts, they are redirected to the URL http://124.117.227.201/web/gmail/ and asked to re-enter their password.

Today NTDTV.com disclosed that the URL is a phishing page for stealing users’ passwords. It is believed that local ISPs are involved in the phishing activities.

The phishing website looks exactly the same as Gmail, but the server is in Urumqi.

[Image: phishing one]

Moreover, some China Unicom users said that even when they were already logged in to their Gmail accounts, the ISP would ask them to “re-enter” the password. The page source shows that this is phishing activity again:

[Image: phishing two]

The NTDTV.com report suggested that users check the login history of their Gmail accounts and change their passwords. In addition, they should check their filter settings to see whether any of their emails are being redirected to another email account.
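The filter check recommended above can be run offline against a filter export. The following is an added example, not part of the NTDTV.com report or the original post; it assumes the Atom XML layout of Gmail's filter export, and the sample export, its addresses and the function name audit_filters are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ATOM = "{http://www.w3.org/2005/Atom}"
APPS = "{http://schemas.google.com/apps/2006}"

# Constructed sample export; all addresses are made up.
SAMPLE_EXPORT = """<?xml version='1.0' encoding='UTF-8'?>
<feed xmlns='http://www.w3.org/2005/Atom' xmlns:apps='http://schemas.google.com/apps/2006'>
  <title>Mail Filters</title>
  <entry>
    <category term='filter'></category>
    <apps:property name='from' value='newsletter@example.org'/>
    <apps:property name='label' value='News'/>
  </entry>
  <entry>
    <category term='filter'></category>
    <apps:property name='hasTheWord' value='password OR invoice'/>
    <apps:property name='forwardTo' value='collector@example.net'/>
    <apps:property name='shouldTrash' value='true'/>
  </entry>
  <entry>
    <category term='filter'></category>
    <apps:property name='from' value='boss@example.com'/>
    <apps:property name='forwardTo' value='me.backup@example.com'/>
  </entry>
</feed>"""

HIDE_ACTIONS = ("shouldTrash", "shouldArchive", "shouldMarkAsRead")
MATCH_KEYS = ("from", "to", "subject", "hasTheWord")

def audit_filters(xml_text, trusted_addresses=()):
    """Return one finding per filter that forwards mail to an untrusted address."""
    trusted = {a.strip().lower() for a in trusted_addresses}
    findings = []
    root = ET.fromstring(xml_text)
    for index, entry in enumerate(root.iter(ATOM + "entry"), start=1):
        props = {p.get("name"): p.get("value", "") for p in entry.iter(APPS + "property")}
        target = props.get("forwardTo", "").strip().lower()
        if not target or target in trusted:
            continue  # no forwarding, or forwarding the owner set up deliberately
        # A filter that forwards and also trashes/archives/marks read hides the copy.
        hidden = any(props.get(k) == "true" for k in HIDE_ACTIONS)
        criteria = {k: v for k, v in props.items() if k in MATCH_KEYS}
        findings.append({"filter": index, "forward_to": target,
                         "hides_mail": hidden, "criteria": criteria})
    return findings

if __name__ == "__main__":
    for finding in audit_filters(SAMPLE_EXPORT, ["me.backup@example.com"]):
        print(finding)
```

Any forwarding target the account owner does not recognise should be treated as a sign that the password was captured, and the filter removed before the password is changed.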

The report also said that the ISP-level phishing is meant to create a sense of insecurity among Gmail users and force them to stop using Google services.
