All employees of Sohu suffered from wage subsidy fraud. By what means did the other party commit fraud?

/kloc-In May of 0/8, all employees of Sohu received an email from "Sohu Finance Department" titled "Notice of Employee Salary Subsidy in May". A large number of employees scan the code according to the requirements of the annex and fill in the bank account number and other information. But in the end, not only did I not wait for the subsidy, but even the balance in the salary card was taken away. According to the employees of the company, the company's usual reimbursement process is like this, and the email source also shows the company's internal domain name, so we relaxed our vigilance. As for why employees don't remind each other, it's because we signed a salary confidentiality agreement with the company. Afterwards, Sohu quickly took action to delete the relevant emails, and the ES department came forward to summarize the information of the deceived employees and reported it to the police station.

In fact, online fraud encountered by Sohu employees is a very common means of fraud. Many internet companies have recruited before. The specific operation of the scammer is as follows: the scammer first steals or maliciously registers a company internal email address, and then uses this email address to send emails to other employees to trick them into entering their account numbers and passwords on phishing websites (in fact, fake company email login pages), thus defrauding email passwords. Many employees of the company fill in the relevant contents in detail after receiving the information sent by the company mail, including sensitive contents such as bank card number, mobile phone number and verification code. Because employees have mutual confidentiality requirements for wages, the success rate of scammers is generally high.

On the afternoon of May 25th, Sohu CEO responded that the fraudulent emails received by some employees' mailboxes 18 were actually leaked by an employee who was accidentally caught fishing while using the mailboxes, and then pretended to be sent by the finance department. After the incident, the company's IT and security departments conducted emergency treatment at the first time. And report the case to the public security organ. According to statistics, * * * 24 employees were defrauded of more than 40,000 yuan.

For individuals, it is necessary to raise safety awareness and remain vigilant. If you receive an email similar to "scan the QR code to receive subsidies", check with the relevant departments of the company in time, and don't believe it easily; You don't need to provide a bank card password and a mobile phone verification code to receive any subsidies. This is the last firewall to protect money. Don't tell anyone.