By Tang Yahua and Zou Shuai
Source: Shenran (WeChat ID: shenrancaijing)
Sohu, a company that itself runs an email service, has been hit by an email scam.
According to a WeChat group chat record circulating online, on the morning of May 18 all Sohu employees received an email titled "Sohu Finance Department's May Employee Wage Subsidy Notice". The sender's domain was "sohutv-legal", and the body of the email was again signed as coming from the Sohu Finance Department. Wrapped in these layers of packaging, it looked like a genuine internal email. Some Sohu employees clicked through, followed the instructions, filled in their personal information, and had the balance of their bank cards debited.
On May 25 the incident kept spreading and at one point topped Weibo's trending list. Sohu CEO Zhang Chaoyang also responded publicly.
This is a classic email scam. Criminals impersonate someone inside the company, send out emails en masse, and embed links that harvest personal information. Once someone takes the bait, the balance on their bank card is stolen.
Online and telecom fraud now comes in endless varieties, and criminals keep changing their tricks to reach the victim's wallet down the network cable. Email fraud is among the hardest forms to guard against: it is difficult to intercept and easy to disguise, so people keep falling for it.
Some netizens described Sohu's experience as "the eagle getting its eye pecked", meaning that even a major Internet company, and one that itself provides an email service, can have its weak spots exploited by criminals. Some technical staff explained that the issue in this incident is that emails sent from external mailboxes may be intercepted by the company's systems, whereas emails sent from an employee's mailbox, with an internal address, are likely to bypass that interception. In general, it is very hard to guard against.
Sohu has already reported the case to the police, and whether the more than 40,000 yuan defrauded from the 24 employees involved can be recovered depends on the outcome of the investigation. The incident is also a reminder to ordinary users, and even to Internet companies, not to take the prevention of online and telecom fraud lightly.
Email Fraud Routines Never Die
A Sohu employee told Shenran the timeline of the incident.
The email was sent in the early hours of May 18, far from working hours, when many employees were asleep. "I looked at my phone at seven or eight in the morning and saw a colleague reminding everyone not to open the email in our mailboxes. I went to my mailbox to check, but I didn't see it. Maybe it had already been dealt with."
The company then posted a notice in department groups asking any employees who had been scammed to fill in a form. "There are more than 600 people in our department, and no one has filled it in," he said.
He said there were indeed several suspicious points. First, the email was sent in the early morning, not during working hours; second, there had been no word that the company was going to issue any so-called subsidy; third, in his experience subsidies had generally been given in kind. There was no advance notice of any sort, and the whole thing was very strange.
Even so, many employees said they received the email, and at first glance it looked real. According to The Paper, one Sohu employee said, "Because the email's suffix was a company email address, I was less on guard." Another employee said the email guided recipients through a link that asked them to fill in personal information, including bank card number and mobile phone number. "We usually provide our bank card number for reimbursements, so I didn't think much of it."
On the morning of May 25, Sohu CEO Zhang Chaoyang posted on Weibo that "things are not as serious as everyone imagines." He explained that the internal mailbox password of one Sohu employee had been stolen, and the thief used that mailbox to impersonate the finance department and send the email to staff. He added that the incident did not involve Sohu's public email service.
Sohu's official Weibo account subsequently issued a statement saying that after the incident the company's IT and security departments took immediate action and reported the case to the public security authorities. Twenty-four employees were defrauded of a total of more than 40,000 yuan, and the company is awaiting the police investigation and its results.
The notice posted in a Sohu employee group / Photo courtesy of the interviewee
Some netizens said that had the email claimed "payment of wages", an obvious lie, rather than a "subsidy", they would never have opened it. That is exactly the psychology the criminals were playing on. Breaking into an internal mailbox is only the first step; the email also needs a subject line that is both attractive and plausible.
On the afternoon of May 25, Zhou Hongyi, CEO of 360 Group, posted on Weibo about the usual pattern of email fraud. As he described it, the attacker sends everyone an email in the name of the employer, with something like a salary-raise list attached as an Excel, PDF or Word file. "You can't help but look at it. As soon as you open it, malicious programs or code exploit a vulnerability to get in and then launch further cyber attacks on you."
A screenshot of Sohu's internal chat circulating online noted that Sohu, an email provider, had its own mailboxes compromised, something like "an Internet company getting burgled in its own home." But Sohu is not the only victim; such scams are nothing new.
After the incident was discussed online, many netizens said their own companies had encountered similar situations, and some companies even run "anti-fraud drills", sending test phishing emails to see whether employees are alert to them.
A Xiaohongshu user named "Peach" said she too had recently received an email about applying for a May wage subsidy. She scanned the QR code as instructed and filled in her name, ID number, bank card number, mobile phone number and other details. After she entered the verification code, the page kept loading, so she entered the code again. When she later checked her account, she found that more than 7,000 yuan had been debited from her bank card, recorded as payment of electricity bills.
The email scam works like this: the criminals take over a company employee's internal mailbox, send mass emails to the colleagues in its address book claiming the company has issued some notice, and ask recipients to scan a QR code with WeChat or click a link and fill in their information. That gives the attacker the employee's name, ID number, bank card number, verification code and so on. This is why so many verification-code text messages warn you not to tell anyone the code: the code is a one-time authorization for a payment, and its importance is almost the same as a password.
Li Sheng, a lawyer and partner at Beijing Zhipu Law Firm, told Shenran that cases of this kind have happened many times before. Not long ago the mailbox system of flooring giant Daya Dekor was hacked, causing the company losses running into the millions. In such cases, funds are generally recovered by reporting to the police, who then trace the source of the attack. But because of the nature of the network, the hacker's identity is often hard to determine, so in many cases the stolen funds are hard to recover.
How to steal money from bank card by mail?
Let's break down how the trick used against Sohu employees is carried out.
Chen Bin, a senior information technology practitioner and CTO of NETSTARS, told Shenran that this type of email fraud, also known as "phishing", has existed for nearly 20 years and is rampant. Most people receive a lot of similar emails every day, he explained: the bank has a message for you to confirm, a merchant has issued you a coupon.
"As long as the link is clicked, the 'phishing' program may be downloaded onto the user's system, and the computer's browser is then scanned by the hacker's script. If the user has chosen to remember passwords on many websites, those passwords are stored in a file on the computer; the hacker pulls that file out and gets the passwords," he explained.
Many people's mailbox passwords are easily obtained by hackers. Chen Bin added that there is another kind of "smart" software that listens to what the user types on the keyboard. "If you log in to a banking system, the software listens as you press the keys to enter your password and sends the result back to the phisher, and your account password may be leaked."
After obtaining a password, hackers usually go on to "credential stuffing", because some people reuse the same password across accounts such as their mailbox and their bank card. So-called two-stage phishing means phishing for the password first, then hitting the user's valuable asset accounts. Another technical expert, Zhang Rui, said that hackers use a password list to log in to website after website automatically, record which logins succeed, and also "dump the database": break into a site and carry off its table of usernames and passwords. There is also "social engineering": once the hacker has one account's password, they forge various identities to chat with the target and talk them into giving up further passwords.
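The credential-stuffing pattern described above leaves a distinctive trace in authentication logs: one source trying many different accounts with mostly failures, plus a few successes that the attacker records for later. The following is an added example, not code from the article or from any company it mentions, that applies that rule to a handful of constructed log lines. The log format (timestamp, ip=, user=, result=) and the thresholds are assumptions for illustration.

```python
"""Spot credential stuffing in authentication logs (added example)."""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample log; the line format is an assumption for this example,
# not the format of any real product. One source (203.0.113.9) walks through
# six different accounts in seconds, succeeding once.
SAMPLE_LOG = """\
2022-05-18T02:13:07Z ip=203.0.113.9 user=alice result=FAIL
2022-05-18T02:13:08Z ip=203.0.113.9 user=bob result=FAIL
2022-05-18T02:13:09Z ip=203.0.113.9 user=carol result=OK
2022-05-18T02:13:10Z ip=203.0.113.9 user=dave result=FAIL
2022-05-18T02:13:11Z ip=203.0.113.9 user=erin result=FAIL
2022-05-18T02:13:12Z ip=203.0.113.9 user=frank result=FAIL
2022-05-18T02:14:00Z ip=198.51.100.7 user=alice result=FAIL
2022-05-18T02:14:20Z ip=198.51.100.7 user=alice result=FAIL
2022-05-18T02:14:40Z ip=198.51.100.7 user=alice result=OK
2022-05-18T08:01:00Z ip=192.0.2.44 user=grace result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


@dataclass
class SourceStats:
    """Per-source-IP counters."""
    attempts: int = 0
    failures: int = 0
    users: set = field(default_factory=set)        # distinct accounts tried
    compromised: set = field(default_factory=set)  # accounts that logged in OK


def parse_log(text):
    """Return one dict per well-formed line; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def aggregate(events):
    """Roll events up by source IP."""
    stats = defaultdict(SourceStats)
    for e in events:
        s = stats[e["ip"]]
        s.attempts += 1
        s.users.add(e["user"])
        if e["result"] == "FAIL":
            s.failures += 1
        else:
            s.compromised.add(e["user"])
    return stats


def find_stuffing_sources(stats, min_users=5, min_fail_ratio=0.6):
    """Sources that tried many distinct accounts and mostly failed.

    Returns {ip: [accounts that succeeded from that ip]}; those accounts are
    the ones whose reused password the attacker has just confirmed.
    """
    hits = {}
    for ip, s in stats.items():
        fail_ratio = s.failures / s.attempts
        if len(s.users) >= min_users and fail_ratio >= min_fail_ratio:
            hits[ip] = sorted(s.compromised)
    return hits


if __name__ == "__main__":
    found = find_stuffing_sources(aggregate(parse_log(SAMPLE_LOG)))
    for ip, accounts in found.items():
        print(f"credential stuffing from {ip}; reset these accounts first: {accounts}")
```

A single account hammered from one address (198.51.100.7 in the sample) is a targeted brute force rather than stuffing and deliberately does not trigger this rule; it needs a per-account failure counter instead. The `compromised` list is the actionable output: those are the accounts whose password the attacker has confirmed, and they should be reset before anything else.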
Take the mailbox as an example. If the employee whose mailbox was stolen has permission to send email to all staff, the hacker can use that mailbox to send everyone a message. Hackers can also change the sender address: Zhang Rui mentioned a technique of "forging the mail gateway", where, for mail servers with a low security level, the attacker uses technical means to forge the source of a message as a specified email address. (Sender authentication standards such as SPF, DKIM and DMARC exist to block exactly this kind of forgery, but only when the receiving server checks and enforces them.)
If the mailbox the hacker obtained cannot send to all employees, capturing the mailbox of the head of the company's finance department is not difficult either. Chen Bin gave an example: the hacker can pose as the employee and email the finance manager on some pretext, phish that person's password, and then use the finance department's authority to email all staff.
There are many ways to impersonate the company and trick employees out of information. Chen Bin mentioned that some scammers send out, in the company's name, something like "To strengthen the security of company information, everyone must replace their old account password with a new one today." The fake password-change page asks for the old password first and then the new one, leaving the crooks with both.
Once the password is obtained, the next step is getting at the assets. Ricky, an employee at a large technology company, explained that money can leave a bank card in two ways: transfer or consumption. Transfers are a little more troublesome, since most require authorization such as a password or verification code; consumption is simpler and does not necessarily require the SMS verification code sent to the phone bound to the card.
There are two situations here. In one, the fraudster uses some trick to win the user's trust and obtains bank card number, password, verification code and other personal information, after which taking the money in the card is quite easy. In the other, the scammer has only the user's bank card number and obtains the password by credential stuffing. In addition, some banks' web banking has no second verification step: with the account password alone you can log in directly, and the money in the card can be debited.
In this way, a complete path emerges: from clicking a spam email or unknown link, to the takeover of one's own account, to money leaving the bank card.
Fraud based on trust is the most difficult to prevent
Many people may ask: is it really that easy to hack the mailboxes of a major Internet company with a technical background? Are employees at big tech companies that unguarded?
Many netizens also reported that they trusted the email because it showed Sohu's internal domain. This leads to another important topic: the security measures of big tech companies' mail systems.
Chen Bin said that large companies generally have anti-phishing software. External spam or virus emails are intercepted by the company's mail system on their way into employees' mailboxes, and some anti-phishing software also scans a message when the employee clicks on it and warns whether it is risky.
But the problem, Ricky said, is that "risky emails sent from external mailboxes may be intercepted by the company's system, while those sent from employees' mailboxes, whose addresses are internal, are likely to bypass the company's anti-phishing interception."
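The two observations above, that a sender address can be forged on poorly configured mail servers and that a message from a genuinely internal mailbox sails past filters tuned for external senders, suggest what a minimal triage check has to look at beyond the sender alone. The following added example (not code from the article, from Sohu, or from any mail product mentioned) parses three constructed messages with Python's standard `email` module and flags them on three signals: a sender domain that merely resembles the company's, failed SPF/DKIM/DMARC results in the Authentication-Results header, and links pointing away from company hosts in a message that asks for bank card or ID details. The company domain `corp.example`, the trusted hosts and the keyword list are assumptions. The point it illustrates is that the hijacked-internal-mailbox case passes every sender check and is caught only by the link-and-content rule.

```python
"""Triage a suspicious e-mail on sender, authentication and links (added example)."""
import email
import re
from email import policy
from urllib.parse import urlparse

# Assumed corporate domain, allow-listed link hosts and phrases that a
# data-harvesting form tends to ask for. All are assumptions for this example.
CORP_DOMAIN = "corp.example"
TRUSTED_HOSTS = {"corp.example", "intranet.corp.example", "hr.corp.example"}
SENSITIVE_WORDS = ("bank card", "id number", "verification code", "password", "subsidy")
URL_RE = re.compile(r"""https?://[^\s<>"']+""")

# Constructed messages. The first mimics the lookalike-domain pattern from the
# Sohu case, the second the hijacked-internal-mailbox pattern, the third is benign.
LOOKALIKE_MAIL = """\
From: Finance <finance@corp-legal.example>
To: all-staff@corp.example
Subject: May Employee Wage Subsidy Notice
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=corp-legal.example; dkim=none; dmarc=fail
Content-Type: text/plain; charset="utf-8"

Please confirm your bank card number at https://pay-confirm.example/subsidy to receive the May subsidy.
"""
HIJACKED_INTERNAL_MAIL = """\
From: Finance <finance@corp.example>
To: all-staff@corp.example
Subject: May Employee Wage Subsidy Notice
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=corp.example; dkim=pass header.d=corp.example; dmarc=pass
Content-Type: text/plain; charset="utf-8"

Please confirm your bank card number at https://pay-confirm.example/subsidy to receive the May subsidy.
"""
BENIGN_MAIL = """\
From: HR <hr@corp.example>
To: all-staff@corp.example
Subject: Reimbursement policy update
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=corp.example; dkim=pass header.d=corp.example; dmarc=pass
Content-Type: text/plain; charset="utf-8"

The updated reimbursement policy is at https://hr.corp.example/policy.
"""


def edit_distance(a, b):
    """Plain Levenshtein distance, used to catch near-miss domains (one letter off)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(sender_domain):
    """True for domains that are not ours but reuse our label or sit within two edits."""
    if sender_domain == CORP_DOMAIN:
        return False
    corp_label = CORP_DOMAIN.split(".")[0]
    return corp_label in sender_domain or edit_distance(sender_domain, CORP_DOMAIN) <= 2


def auth_failures(msg):
    """Mechanisms in Authentication-Results that did not come back 'pass'."""
    failed = []
    for header in msg.get_all("Authentication-Results", []):
        for mech in ("spf", "dkim", "dmarc"):
            m = re.search(rf"\b{mech}=(\w+)", header)
            if m and m.group(1).lower() != "pass":
                failed.append(f"{mech}={m.group(1).lower()}")
    return failed


def triage(raw):
    """Return a verdict dict with the list of reasons a message looks like phishing."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender = msg["From"].addresses[0].addr_spec
    sender_domain = sender.rsplit("@", 1)[1].lower()
    body = msg.get_body(preferencelist=("plain",)).get_content()
    reasons = []
    if is_lookalike(sender_domain):
        reasons.append(f"lookalike sender domain {sender_domain}")
    reasons.extend(auth_failures(msg))
    hosts = {urlparse(u).hostname for u in URL_RE.findall(body)} - {None}
    external = sorted(hosts - TRUSTED_HOSTS)
    asks = [w for w in SENSITIVE_WORDS if w in body.lower()]
    if external and asks:
        reasons.append(f"external link(s) {external} in a message asking for {asks}")
    return {
        "sender_domain": sender_domain,
        "internal_sender": sender_domain == CORP_DOMAIN,
        "reasons": reasons,
        "suspicious": bool(reasons),
    }


if __name__ == "__main__":
    for name, raw in (("lookalike", LOOKALIKE_MAIL), ("hijacked", HIJACKED_INTERNAL_MAIL), ("benign", BENIGN_MAIL)):
        print(name, triage(raw))
```

Real Authentication-Results headers (RFC 8601) are richer than the regex here assumes, and a production filter verifies SPF and DKIM itself rather than trusting a header that an outside sender could have inserted; the receiving gateway should strip such headers from inbound mail before adding its own. The rule that finally catches the hijacked-mailbox case is the crude one: an all-staff message that links off the company's hosts and asks for bank card details deserves a warning regardless of who sent it.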
Who is to be held responsible after such an event occurs?
Li Sheng told Shenran that employees were deceived because the company's internal mailbox was stolen. First, the person who stole the mailbox and the money should be held accountable; second, large Internet companies must have dedicated network security departments, and the company can hold people accountable internally; in addition, if the company has obvious lapses in operation or management, it also bears corresponding responsibility.
"Specifically, we need to see whether the company has fulfilled its necessary network security management responsibilities: whether the security policies of its system platforms are regularly reviewed and network risks regularly assessed, whether the company's information security technical specifications, standards and management systems are complete, and whether the company keeps track of the latest security vulnerabilities, virus announcements and attack methods and takes preventive measures in time."
As for the company, "Sohu is a well-known Internet technology company, so the theft of its internal mailboxes will certainly make the public question its technical level and damage the company's image. Sohu can demand compensation from the hackers for the economic losses this caused. A defrauded employee who was not obviously at fault can ask the company to compensate them first, and after recovering the money the company can then recover it from the hacker," Li Sheng said.
On sentencing, Li Sheng noted that obtaining employees' bank card numbers under the pretext of granting subsidies and then defrauding the money in the cards constitutes the crime of fraud once a certain amount is reached. Defrauding public or private property worth more than 30,000 yuan by technical means reaches the "huge amount" level of the crime of fraud under Article 266 of the Criminal Law. "The perpetrators are suspected of illegally obtaining computer information system data, illegally controlling computer information systems, and fraud, and must bear corresponding criminal responsibility."
Finally, a reminder to stay alert to fraud on every front.
Drawing on the advice of several technical experts: first, look carefully at the emails and text messages you receive. For messages sent by a business or enterprise, the email domain should be that enterprise's own name; check whether the sender's address is genuine and whether the URL of the page that opens is legitimate. A domain that merely resembles the company's, with an extra word or a changed letter, is a warning sign, not a reassurance.
Second, on personal account security: "many users' passwords are far too simple, most of them built from their own or their family's names, birthdays, anniversaries or phone numbers. This information can easily be obtained by various means, and the password then just has to be tried following those patterns," Zhang Rui said.
Beyond the password itself, bank card security settings also matter: for example, require face recognition or voice confirmation for transfers above a certain amount; when it is not necessary, do not provide the full bank card number, only the first four and last four digits; when scanning a QR code, read the on-screen prompt, do not tap OK if it does not match the situation, and do not scan codes of unknown origin.
Li Sheng also advised: do not act on requests from strangers to transfer or remit money, whether made online, by text message or by phone; do not click on links sent by strangers via text message or social apps; do not believe out-of-the-blue prize notifications or high-interest loan offers; and do not casually disclose your own or your family's identity or contact information to others. When you encounter suspected fraudulent information, verify it through more than one channel to avoid being deceived.
Still, none of these precautions fully solves fraud that is built on trust. In the Sohu case, employees fell for it precisely because they believed the information came from the company. "Security is an adversarial problem. When the stakes are high enough, there will be experts watching, and the two sides will trade moves," Zhang Rui said. All we can do is stay vigilant and keep our eyes open.
*The title image is from Visual China and the pictures in the text are from Unsplash. At the request of the interviewees, Zhang Rui and Ricky are pseudonyms.
This article is reproduced from: http://finance.sina.com.cn/tech/csj/2022-05-26/doc-imizmscu3432502.shtml