Chinese internet firm Sohu’s employees duped by email scam that promised ‘allowances’ to those who provide their banking data

Two dozen employees at Sohu last week lost about US$6,000 after they fell victim to an email scam that used a hacked account in the company
While online scams are not uncommon in China, cybersecurity breaches in major hi-tech firms have become rare

Cybersecurity

Coco Fengin Beijing

Published: 6:00pm, 25 May, 2022

Why you can trust SCMP

Chinese internet portal operator Sohu.com said on Wednesday that two dozen employees lost more than 40,000 yuan (US$6,000) after they fell victim to an email scam, which promised “allowances” to recipients who provide their bank accounts and other personal identification information.

The 24 employees believed the email was authentic because it was sent from an undisclosed Sohu employee’s account, which was later found to have been hacked and used to send mail purportedly from the firm’s corporate finance department, according to a statement posted by Sohu on microblogging platform Weibo.

The email sent on May 18 had the subject “Notice on the wage allowance for May”, according to a report on Wednesday by The Beijing News, a Chinese Communist Party-owned newspaper. Some of the duped employees lost their savings after providing their banking data, the report said.

That Sohu email account was compromised after an employee’s password was leaked in an accidental phishing incident, according to Beijing-based Sohu. It said the case has been reported to the police for further investigation.

Sohu.com founder Charles Zhang Chaoyang attends an internet conference in Beijing on August 28, 2014. Photo: Shutterstock

Sohu founder, chairman and chief executive Charles Zhang Chaoyang said in a post on Weibo that the incident “isn’t as severe as people assume”. He indicated that measures taken by the company’s technology department kept the total financial loss to below 50,000 yuan.

In addition, he said the incident did not affect the email services of all Sohu users.

While online scams are not uncommon in China, cybersecurity breaches in major hi-tech firms have become rare. As such, Sohu’s reputation has taken a hit on Chinese social media.

The email scam at Sohu on Wednesday was trending on top of the search list of Weibo, which is affiliated with Sohu’s competitor Sina.com.

One Weibo user posted a comment that it was a shame for Sohu, once known as one of China’s leading internet portals, to become prey for scams and phishing activities. Other Weibo users said the reported financial loss reflected how destitute Sohu employees have become.

A Chinese internet pioneer falls out of billion-dollar club

Sohu, one of the first Chinese tech firms to list on Nasdaq in 2000, last month said it is looking to exit the US exchange, signalling that the company is not confident about meeting strict auditing requirements.

The firm’s announcement came after the US Securities and Exchange Commission added 12 more Chinese companies, including Sohu, to a list of stocks that face a potential delisting for failing to comply with US auditing oversight law. In China’s highly competitive internet market, Sohu has lost relevance over the years and has seen its market value shrink to US$525 million.

The recent incident at Sohu, meanwhile, showed that there remains plenty of work to do for the government to crack down on cyber scams. In March 2021, Beijing launched an anti-fraud mobile app to warn users of any calls, text messages or installed apps that are suspected of being associated with fraudulent activities.

Chinese police last year cracked more than 441,000 cases related to telecommunications and cyber fraud, arrested more than 690,000 people and returned 12 billion yuan of defrauded money, according to state-run Legal Daily.

Post