Criminals appear to have hacked a Chinese bank\u2019s server and are using it to host phishing sites to steal personal data from customers of eBay Inc. and a major U.S. bank., according to Internet services company Netcraft Ltd.It may be the first scheme that uses one bank\u2019s infrastructure to exploit another bank, said Paul Mutton, an Internet services developer for Netcraft, based in Bath, England.A user of Netcraft\u2019s free phishing toolbar reported receiving a suspicious e-mail, Mutton said. The e-mail led to phishing sites located in hidden directories on a server with IP (Internet protocol) addresses belonging to the Shanghai branch of China Construction Bank Corp., a state-owned bank with more than 14,000 branches. One of the phishing sites offered customers of Chase Bank, part of JPMorgan Chase & Co., a chance to receive US$20 for filling out a survey. The survey asked for the user\u2019s ID and password so the money could be deposited. Further, it requested the person\u2019s bank card number, PIN, card verification number, mother\u2019s maiden name and their U.S. Social Security number, Netcraft said.The submitted data is then apparently sent to a form processing server in India, Netcraft said.The site pulls images and style sheets from Chase Bank\u2019s webpage. The method is known as "hot-linking" or "bandwidth leeching," Netcraft said. But it also leaves a trail, as the server where the images are pulled from retains\u00a0a log of IP addresses of computers that requested the images, Mutton said.There doesn\u2019t seem to be any advantage to the phishers in using a bank to host the fake page, which doesn\u2019t appear as a secure site to the browser. The URL of the site appears as an IP address rather than Chase Bank\u2019s domain name, another suspicious indicator.On Saturday, Netcraft also found a fraudulent eBay login page with an IP address registered to the Chinese bank.The fake eBay page carried a VeriSign seal, which is supposed to take visitors clicking on it to a page on Verisign Inc.\u2019s site vouching for the security of the site. However, the seal used vouches for the security of an entirely different site.China Construction Bank may be unaware that someone has exploited a security vulnerability on\u00a0its server, Mutton said. It\u2019s also possible the server is infected with a worm that may be allowing unauthorized access, he said. The scam could also be an inside job. "Anyone who has access to a server either authorized or unauthorized could have done it," Mutton said.-Jeremy Kirk, IDG News ServiceFor related CSO content, check out How to Foil a Phish.For related news coverage, read Researcher Hacks MS Fingerprints Reader, Former Gov\u2019t IT Worker Guilty of Hacking and Card Systems, FTC Reach Data Breach Agreement.Keep checking in at our CSO Security Feed page for updated news coverage.