The Clifton, N.J.-based Comodo Antispam Labs identified a new phishing attack targeting business and consumer users of Alibaba.com, a global, Chinese e-commerce site that has some 400 million active users.

As part of a random phishing campaign, fake emails were sent from what appeared to be an Alibaba.com email address, [email protected]. Alibaba.com brings in more than $12 billion in annual revenue, according to Time Inc.

The phishing emails asked Alibaba.com customers to verify their account information to cut down on spam and ironically, fraudulent emails. Those behind the phishing emails then attempted to steal passwords when users logged in to verify their information.

The Comodo Antispam Labs team identified the Alibaba.com phishing email through IP, domain and URL analysis. Two verification links inside the email both hyperlinked to the same location – a landing page that included the Alibaba.com logo and a sign-in section.

Sponsored Download

This manual is packed with actionable info that you need to have to prevent infections, and what to do when you are hit with ransomware.

 

After the user logged into the system using an email address and password, the user received a message stating the "verification" was complete — which meant cyber thieves had stolen his or her login information. The cyber thieves' sending IP and email addresses were identified as 91.231.87.147 and [email protected].

Fatih Orhan, director of technology for Comodo and the Comodo Antispam Labs, discussed how a phishing attack against a Chinese e-commerce company could potentially affect U.S. financial institutions and consumers.

"Alibaba might be China-based, but it has millions of users around the world, including in the U.S.," Orhan told CU Times. "Phishing attacks are varied and dispersed – and don't discriminate based on the geography of any company, regardless of where the company's origins are."

He added cyber thieves rely on the fact that businesses and consumers work across time zones and currencies to reach the maximum number of targets.

"At the end of the day, phishing attacks are exactly that, casting a wide net and hoping for businesses and consumers to take the cyber bait," he said.

Orhan said cybercriminals are becoming more creative by the day, and are trying to use breaking technology news to take advantage of occupied businesses and consumers to steal data, passwords and financial information.

"As a company, Comodo is working diligently in creating innovative technology solutions that stay a step ahead of the cyber criminals, protect and secure endpoints, and keep enterprises and IT environments safe," he added.

Alipay, an online payment service run by Alibaba.com affiliate Ant Financial just launched in Europe with the goal of tapping into the growing number of Chinese tourists traveling to the continent.

Alipay allows people to pay for items in stores and online across China. The Chinese are the top international spenders, and France, Italy and the U.K. are where foreign tourists spend the most money, according to the Swiss tourism shopping tax refund company Global Blue.

NOT FOR REPRINT

© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).