Phishing and Online Scam in China

Presented at DEF CON 19 (2011), Aug. 6, 2011, 6 p.m. (20 minutes)

Today, Ebay, Paypal and WOW are all popular targets of global phishing. However, phishing in China is different from that in other countries. The Chinese government has already placed a lot of focus on this issue, however, online scams have already gone beyond the traditional scope of phishing. For example, one of the top five phishing targets is CCTV, which is an official Chinese TV station that produces several of the most widely distributed Chinese TV channels. I will explain how hackers get money through CCTV phishing. In the first part of the presentation, I will introduce the event about massive online bank phishing attacks, which target customers of the "Bank of China" at Feb, 2011. Then, I will share information about popular scams, which try to trick people into believe they won the lottery or bought cheap tickets. Finally, I will show a case about Taobao phishing, analyze its framework and the source code behind it.


  • Joey Zhu - Staff Engineer, Trend Micro Inc.
    Joey Zhu is a staff engineer at Trend Micro Inc. He joined Trend Micro's CoreTech team in 2005. He is highly experienced on threat knowledge and developed the sandbox for TrendLab when working as an expert at PH in 2007. Since 2008, he has been the leader of the ScriptAnalyzer project, which is analyzing HTML/Script to clean up web threats for browsers. Now he is also focusing on anti-phishing solutions.