Live Global Events: Secure, Simplify, and Transform Your Business.

Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Security Research

Chinese Phishing Sites: Stocks and Government Lottery

December 15, 2010 - 2 min read

I find Chinese phishing sites particularly interesting. For starters, they don't seem to attract too many security researchers. I have found that very few Chinese sites are blocked by Phishtank or Google Safe Browsing. Additionally, the type of phishing is very different from what we see in the US or other western countries. While sites related to banking (PayPal, Bank of America, JPMorgan, etc.) are the primary targets of phishers overall, Chinese phishing sites are mainly focused on QQ (instant messaging, online games, etc.) or Yahoo! Auctions.

Recently, I found two Chinese phishing/scam sites: a site about stocks from Shanghai Huaer Securities and a site for a government lottery. These two types of sites use a large number of pages with an iframe displaying the main site, and both follow a similar layout. The domain names are registered to different people, so the phishers may not be affiliated.

Shanghai Huaer Securities

This site claims to be a stock trading company for the Shanghai Securities market.

Shanghai Securities trading site

The main sites is hosted on The "Add to Favorite" links do not use the same domain. Rather, they leverage short links ( which redirect to, which is simply an iframe to

There are many sub-domains which display this website:

Government Lottery

The second type of site claims to be a government lottery. Proceeds are purported to help the kids you see on the right side. I found two slightly different versions of this site.


Fake government lottery


This site is hosted on these domains:

And the following domains contain an iframe to one of the sites above: 

These sites are not blocked by any popular phishing denylist that I am aware of and will therefore likely stay up for some time.

-- Julien

form submtited
Thank you for reading

Was this post useful?

Explore more Zscaler blogs

A cyber criminal shopping for malware
Agniane Stealer: Dark Web’s Crypto Threat
Read Post
Business people walking through a city
The Impact of the SEC’s New Cybersecurity Policies
Read Post
Digital cloud illuminated in blue
Security Advisory: Remote Code Execution Vulnerability (CVE-2023-3519)
Read Post
The TOITOIN Trojan: Analyzing a New Multi-Stage Attack Targeting LATAM Region
Read Post
01 / 02
dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.