First published: 26th November 2015
The Bank of China (Hong Kong) Limited (BOCHK) has warned that the domain www.bankofchinagroup.com redirects to the genuine BOCHK website (http://www.bochk.com/) without authorisation. The case has been reported to the Hong Kong Monetary Authority and the Hong Kong Police. Victims should contact the BOCHK at 3988 2388, and report to the Police or contact the Cyber Security and Technology Crime Bureau of the Hong Kong Police Force at 2860 5012.
This is not the first time that a fake BOCHK domain has been redirected to the genuine BOCHK site. In August 2015, this newsletter reported redirection of www.bochkgroup.com. The HKMA reported that www.bochkgroup.com was "a fraudulent website".
The purpose of redirecting a copycat domain name to the genuine site is not clear. If the intent is fraudulent, some possibilities are:
- Reconnaissance: The browser of a victim who follows the link makes an ordinary request to the fake domain, and the site responds with a 302 redirect. However, that ordinary request already includes information about the victim's browser, operating system and IP address (and therefore general location).
- Making a fake site more realistic: Fake sites often copy many pages from the genuine site, so that a browsing victim finds the site convincing. Redirection could be used so that, for one page (e.g. the banking login page) the user remains on the fake site and all other requests are redirected to the equivalent page on the genuine site. This appears not to be the situation in this case, because the redirection does not preserve the relative location on the site.
- Selective targeting: The fake site may redirect most users to the genuine site, but retain those judged most suitable to be fraud victims, perhaps selected by time, location or other information.
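
When analysing a reported lookalike domain, recording its responses and classifying them helps tell these cases apart. The sketch below is an added example, not part of the original newsletter; the observation records, paths and client profile names are constructed, and only the genuine host name comes from the article.

```python
from urllib.parse import urlsplit

GENUINE_HOST = "www.bochk.com"  # genuine site named in the article
REDIRECT_CODES = (301, 302, 303, 307, 308)

# Constructed observations: one record per recorded response from the copycat
# domain. Paths, profile names and responses are made up for illustration.
OBSERVATIONS = [
    {"path": "/", "profile": "desktop-hk", "status": 302, "location": "http://www.bochk.com/"},
    {"path": "/en/login.html", "profile": "desktop-hk", "status": 302, "location": "http://www.bochk.com/"},
    {"path": "/en/login.html", "profile": "mobile-hk", "status": 200, "location": None},
    {"path": "/en/about.html", "profile": "desktop-uk", "status": 302, "location": "http://www.bochk.com/en/about.html"},
]

def classify(obs, genuine_host=GENUINE_HOST):
    """Label one observed response from a lookalike domain."""
    if obs["status"] not in REDIRECT_CODES or not obs["location"]:
        return "retained"            # content served by the copycat itself
    target = urlsplit(obs["location"])
    if target.hostname != genuine_host:
        return "redirect-elsewhere"  # sent to some host other than the genuine site
    target_path = target.path or "/"
    if obs["path"] == "/" and target_path == "/":
        return "root-to-root"        # uninformative: cannot show path handling
    if target_path == obs["path"]:
        return "path-preserved"      # equivalent page on the genuine site
    return "path-dropped"            # relative location on the site is lost

def summarise(observations):
    """Group labels by path and flag paths treated differently per client."""
    by_path = {}
    for obs in observations:
        by_path.setdefault(obs["path"], {})[obs["profile"]] = classify(obs)
    findings = {}
    for path, labels in by_path.items():
        kinds = set(labels.values())
        findings[path] = {
            "labels": labels,
            "selective": len(kinds) > 1,      # same path, different treatment
            "retained": "retained" in kinds,  # some client was kept on the copycat
        }
    return findings

if __name__ == "__main__":
    for path, finding in summarise(OBSERVATIONS).items():
        print(path, finding)
```

A path flagged `selective` or `retained` corresponds to the second and third possibilities in the list, while `path-dropped` on every non-root path matches the behaviour described for this case.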