Today, I have come across a phishing page which is surprisingly being hosted in one of the Chinese government website that targets Paypal users.
The paypal phishing page is hosted in the "hxxp://www.121.gov.cn/app/p/index.html" that shows the fake login page of Paypal.
Once the victim enters his credentials and proceed to login, he will be redirected to another page where he will be asked to provide his financial info including name, address, credit card details.
Then users are asked to provide 3 digit secure code, password, security questions.
Once all the details have been entered, you will be redirected to page where it says: "Your information has been sent successfully. For your security, you will be automatically logged out.Thank you for using PayPal". This page redirects to the original paypal login page.
Sub-domain of the Brazilian State of Minas Gerais government website "hxxx://www.camaramontesanto.mg.gov.br" is found to be host same type of phishing page.
PhishTank record shows the 121.gov.cn hosts the phishing page from May 8 and camaramontesanto.mg.gov.br is from May 23.