Sohu reportedly hit by an "epic" email scam; Zhang Chaoyang responds

Recently the Internet has been buzzing with a story that "Sohu employees fell for an epic email scam, and a large number of employees had their salary cards emptied".

According to the reports, most employees were nearly taken in. After Sohu employees opened the attachment and submitted the requested identity and financial information, their salary cards were emptied outright by the criminals, and some employees even lost hundreds of thousands of yuan. Because of the large sums involved, the police have now stepped in.

On May 25, 2022, Zhang Chaoyang, chairman and CEO of Sohu, finally responded, saying the facts were not as serious as the Internet made out. The internal mailbox password of one Sohu employee had been stolen, and the scammer, posing as the finance department, sent phishing emails to staff; the technical side had been dealt with urgently, the total loss of funds was less than 50,000 yuan, and the personal mailboxes of the public-facing mail service were not involved.

That reassured everyone somewhat. Still, phishing email scams seem to be more and more frequent, and Sohu is far from the only company to be tricked this way. **The root cause is not only employees' weak security awareness but also weaknesses and gaps in the security of enterprise IT systems.**

Earlier, Bilibili was exposed to a phishing email scam. The difference was that the attacker used the banner of "2022 financial subsidies" to induce Bilibili (station B) employees to scan a QR code; what was the same was that the salary card balances of the defrauded employees were also transferred away.

Some netizens said that working people have had it too hard lately: not only do they have to worry about layoffs, but the bank card balance they worked so hard to build up has been emptied too. On May 25, the story of Sohu employees being defrauded by phishing emails also made the Weibo hot search list, drawing attention and discussion from a wide range of netizens.

How is the money in the bank card transferred?

Interestingly, when I shared this story with friends, many could not understand it: the money was in the bank card, so how could an email make it disappear? Some even asked whether it would have been safer if the card had been with one of the four major state banks.

In fact, it has nothing to do with which bank holds the money, because the victim transferred the money to the other party step by step, following the scammer's inducements. To help everyone understand phishing email scams better, let us walk through a hypothetical scenario and see whether we would be scammed.

On an ordinary Wednesday, you turn on your computer to start work and find an email from the company's finance department titled "Notice of XX company employee salary subsidy in May". Your heart leaps. In 2022, with the epidemic raging, many companies have handed out enviable subsidies, and today your own company has finally become the envy of others.

At this point you still have a sliver of vigilance, so you look at the email domain again: it is indeed the company's official mail domain, and your last trace of suspicion disappears.

Suppressing your excitement, you open the attachment named "Wage Subsidy Notice" without hesitation and find that you are asked to fill in your bank card details, including card number, identity information and phone number. Since the company routinely asks for card numbers and similar details for expense reimbursement, you fill everything in without thinking much about it.

Then you find there is one last step: scan the QR code in the attachment to receive the subsidy. You scan and confirm, thinking you are now waiting for the subsidy to arrive, but in reality your money has already been transferred away by the scammers. The reason is that malware hidden in the attachment automatically hijacks the SMS verification codes, and with those codes the scammer transfers everything in your card.

Now you should understand why so many people are scammed by phishing emails. The moment you believe it is an email issued by the company, you have already lost. Out of trust in the company, employees tend to set aside their doubts and fill in all sorts of private information. Without the company's identity behind it, few people would fall for such a scam, which is why outsiders cannot understand how anyone was fooled: from a third party's perspective, the probability of being deceived is much lower.

Mail system security is becoming more and more important

Recently, **the number of phishing email scams has risen sharply and shows signs of becoming a flood.**

The reason is that the cost and barrier to entry of phishing email fraud are very low, but that does not make it ineffective. On the contrary, it is one of the most effective and deceptive attack methods. A well-disguised phishing email, plus a bit of luck, often brings the attacker huge gains.

For example, in 2016 Hillary Clinton, former US Secretary of State and a Democratic presidential candidate, was caught up in it because her campaign team opened a phishing email, which led to the subsequent email incident. To some extent, the world changed subtly as a result.

**Because the returns are so high, phishing emails have flourished since their birth and have grown with the Internet with remarkable vitality.**

According to data monitored by the Coremail CAC Mail Security Big Data Center, in the two months from March 1, 2022, CAC detected tens of thousands of similar fraudulent emails targeting universities, the IT industry, manufacturing, foreign trade, services and other enterprises and institutions; after in-depth tracing, the amount involved in this fraud was found to be as high as tens of millions of yuan.

Its modus operandi is very similar to the Sohu incident. Both sent phishing emails under the banner of "economic subsidies" through corporate mailboxes, inducing victims to scan QR codes and fill in financial information such as bank card numbers, passwords and account balances, along with identity information such as ID card and mobile phone numbers. Once all of this is filled in, the bank card balance will most likely be emptied, as shown in the following figure:

In these cases, apart from a small number of people lured by the prospect of a small gain, most victims were deceived because "this is an email issued by the company"; they let down their guard and fell into the criminals' trap.

The Sohu incident also sounded the alarm for corporate mailbox security. As an important channel for transmitting information, email plays a central role in enterprises, and the security of mailboxes bears directly on the security of the enterprise itself. Just imagine: if the attacker had hidden ransomware in the attachment instead of using email to scam employees, then once an employee clicked the attachment, it would probably not be long before every computer in the company was infected. Once ransomware gets in, at best the company's information and data are locked, and at worst the operation of the enterprise is directly threatened.

In the annual offensive and defensive drills, mailboxes are also a focus for both attackers and defenders, and often become the entry point and springboard for launching attacks. According to email phishing reports over the years, many individuals and companies fall victim every year. This should get enterprises' attention: strengthening email security is urgent.

Strengthen security awareness and build the last line of defense

Some experts say that in dealing with email phishing, employee security awareness is the most powerful and effective measure, and it is also the last line of defense for corporate mailbox security.

**Across all the forms and levels of phishing emails, the essential core is exploiting human weakness; the difference lies only in how the email is disguised** so that the recipient is finally induced to download an attachment or click a link. In other words, as long as the recipient's security awareness is high enough, they will naturally see through the tricks of phishing emails, and in theory no phishing email will catch them.

Therefore, it is very necessary to organize regular security awareness training on phishing emails for employees, but note that **such training must above all not be superficial; it should investigate the currently common forms of phishing emails and train against them specifically.** For example, there have recently been many phishing emails using "performance appraisal", "wage subsidy" and "epidemic subsidy" as pretexts. If the company trains employees on exactly these kinds of phishing emails, the probability of employees falling victim will drop greatly.

At the same time, phishing email tests should be conducted from time to time, not just once right after the training. **During testing, the tester should take the perspective of a phishing email sender, produce targeted and well-disguised phishing emails, then tally who fell for them and give those employees follow-up awareness education, so that the overall security awareness of the enterprise genuinely improves.**

At present, many colleges and universities are already running phishing email tests. For example, Tsinghua University once produced a high-quality phishing email and sent it to all teachers and students in the name of the technical department. The only flaw was that the sender's address differed slightly from Tsinghua University's email address.

Anyone who believed the email and entered their account and password at the link received the "2021 Phishing Email Drill 'Award' Notice": "We regret to inform you: you reached this page because you failed to recognize the phishing email in this drill."

After such a "memorable" phishing email test, Tsinghua's teachers and students said it was both interesting and educational, and that they now understood phishing emails much better.

Finally, I would like to share with you some personal anti-phishing email tips.

1. Look at the sender's address. Many phishing emails spoof the company's own domain name, or the account of the boss, the finance department or the system administrator. Check the sending address carefully to avoid being deceived.

2. Look at the sending time. Policy emails are usually received during working hours. If you receive an email at an unusual time, such as one or two in the morning, be extra vigilant.

3. Look at the purpose of the text. Many phishing emails use pretexts such as winning a prize, a problem with salary payment, or a system administrator adjusting permissions to ask the recipient to click a link, download a file, or fill in an email account password. Emails like these are almost always phishing.

4. Read the body of the text. Do not click link addresses in the email lightly, and do not click the unsubscribe button in the text; these are likely to be fake or to carry malicious code.

5. Look at the attachments. Do not click or download email attachments casually. Word, PDF, Excel, PPT, RAR, EXE and other files may carry Trojans or spyware.
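To show how the five tips above translate into a mechanical check, here is an added example (not code from the original post or from any of the companies it mentions) that triages a raw email against them: sender domain versus the corporate domain, including lookalike domains of the kind the Tsinghua drill used; sending time outside working hours; lure keywords in the subject and body; off-domain links and unsubscribe links; and risky attachment types. The corporate domain `example-corp.com`, the keyword list, the working-hours window and both sample messages are constructed assumptions.

```python
"""Heuristic phishing triage for a raw RFC 822 message (added example).

Applies the five checks from the tips above. All thresholds, keyword
lists and the corporate domain are assumptions chosen for illustration.
"""
import email
import re
from datetime import time
from email import policy
from email.utils import parseaddr, parsedate_to_datetime

CORPORATE_DOMAIN = "example-corp.com"          # hypothetical company domain
LURE_KEYWORDS = ("subsidy", "salary", "wage", "performance appraisal", "prize",
                 "password", "permission", "verify", "account")  # assumed lures
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".rar", ".zip", ".doc", ".docm",
                    ".xls", ".xlsm", ".ppt", ".pptx", ".pdf", ".html")
WORK_START, WORK_END = time(8, 0), time(19, 0)  # assumed working hours


def levenshtein(a, b):
    """Edit distance, used to spot lookalike domains such as examp1e-corp.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(raw):
    """Return a list of findings; an empty list means no check fired."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # 1. Sender address: exact corporate domain passes; lookalikes and strangers are flagged.
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if domain != CORPORATE_DOMAIN:
        kind = "lookalike" if levenshtein(domain, CORPORATE_DOMAIN) <= 2 else "external"
        findings.append(f"sender: {kind} domain {domain!r}")
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and reply_to.lower() != addr.lower():
        findings.append(f"sender: Reply-To {reply_to!r} differs from From")

    # 2. Sending time: outside working hours or at the weekend is suspicious.
    try:
        sent = parsedate_to_datetime(msg.get("Date", ""))
        if sent.weekday() >= 5 or not WORK_START <= sent.time() <= WORK_END:
            findings.append(f"time: sent outside working hours ({sent.isoformat()})")
    except (TypeError, ValueError):
        findings.append("time: missing or unparsable Date header")

    # 3. Purpose: lure keywords in subject or body.
    subject = str(msg.get("Subject", ""))
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    haystack = (subject + " " + text).lower()
    hits = [k for k in LURE_KEYWORDS if k in haystack]
    if hits:
        findings.append(f"purpose: lure keywords {hits}")

    # 4. Links: anything pointing off the corporate domain, plus unsubscribe links.
    for url in re.findall(r"https?://[^\s\"'<>]+", text):
        host = re.sub(r"^https?://", "", url).split("/")[0].lower()
        if host != CORPORATE_DOMAIN and not host.endswith("." + CORPORATE_DOMAIN):
            findings.append(f"link: points off-domain to {host!r}")
    if "unsubscribe" in haystack:
        findings.append("link: unsubscribe link present")

    # 5. Attachments: file types that commonly carry malware.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            findings.append(f"attachment: risky file {name!r}")
    return findings


# Constructed sample messages (not real mail): one phishing lure, one legitimate notice.
PHISH = """\
From: "Finance Dept" <finance@examp1e-corp.com>
Reply-To: payout@mail-relay.example.net
To: staff@example-corp.com
Subject: Notice of May employee salary subsidy
Date: Wed, 25 May 2022 01:47:00 +0800
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Fill in your bank card number and verify at http://subsidy-claim.example.net/form
--b1
Content-Type: application/octet-stream; name="Wage Subsidy Notice.exe"
Content-Disposition: attachment; filename="Wage Subsidy Notice.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AAA==
--b1--
"""

LEGIT = """\
From: "HR" <hr@example-corp.com>
To: staff@example-corp.com
Subject: Team lunch next Friday
Date: Wed, 25 May 2022 10:15:00 +0800
Content-Type: text/plain; charset="utf-8"

Please reply with dietary requirements. Menu: https://intranet.example-corp.com/lunch
"""

if __name__ == "__main__":
    for label, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(label, triage(raw) or ["no findings"])
```

A stolen internal mailbox, as in the Sohu case, defeats check 1 because the From domain is genuine; checks 2 to 5 still fire on the odd sending time, the subsidy pretext, the off-domain link and the executable attachment, which is why the tips are meant to be applied together rather than stopping at the sender address.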

I hope working people never run into email scams, and never again experience that sinking moment when the bank card balance vanishes in an instant.

Resource sharing

Finally, I would like to share a batch of network security learning materials with you:

As a beginner wanting to move into a network security role, or someone with some foundation wanting to go further, you may find you don't know where to start. In fact, choosing a direction for network security study and combining practice with theory is not hard; what matters is finding the right path.

Next, I will walk you through the growth roadmap step by step to demystify Internet security.

Growth roadmap

It can be divided into:

1. Basic stage

2. Penetration stage

3. Security Management

4. Advanced stage

At the same time, there are accompanying videos for each section of the growth route.

Cyber Security Interview Questions

Finally, the network security interview question material that everyone cares about most comes to 87.9 GB in total. If you need the full "Introduction to Network Security + Advanced Learning Resource Pack", scan the CSDN official partner QR code below to get it for free (if the code does not scan, leave a message in the comments to get it).

Source: blog.csdn.net/QXXXD/article/details/129862184