In the past few days, there are many reports from Chinese internet users saying that when they try to access gmail account, they are redirected to a url: http://18.104.22.168/web/gmail/
and asked to re-enter their password.
Today NTDTV.com disclosed that the url is a phishing page for stealing users’ password. It is believed that local ISPs are involved in the phishing activities.
The phishing website looks exactly the same with Gmail but the server is from Urumqi.
Moreover, some China Unicom users said that even when they have logged in their Gmail account, the ISP would ask them to “re-enter” the password. The source codes show that it is phishing activities again:
The NTDTV.com report suggested user to check the login history of their Gmail account and change their password. In addition, they should check their filter setting and see if some of their emails be redirected to other email account.
The report also said that the ISPs level phishing is to create a sense of insecure feeling among gmail users and force them to stop using Google service.