Cyber Incident Victim: Lifespan

Date: May 2022

Location: China

Summary

Employees at a Chinese internet company were deceived by an internal email scam that promised financial allowances in exchange for banking details, resulting in financial losses equivalent to thousands of US dollars. The phishing attack originated from a compromised corporate account but did not disrupt broader email services. The incident drew significant public criticism on social media, with users mocking both the security lapse and the perceived financial vulnerability of affected staff. Company leadership characterized the breach as limited in scope and financial impact, emphasizing containment efforts.

Description

On or around May 25, 2022, employees at Chinese internet firm Sohu (operating under Lifespan Services) fell victim to an email scam that resulted in financial losses. The incident began when attackers compromised an internal company email account and distributed fraudulent messages impersonating corporate communications. These emails promised special "allowances" to recipients who submitted their personal banking information, exploiting trust in internal channels to bypass typical skepticism toward external phishing attempts. Approximately two dozen employees provided their financial details in response to the deceptive request. Subsequent unauthorized transactions led to collective losses estimated at $6,000 USD (equivalent to under 50,000 yuan according to CEO statements). The breach was detected after affected employees reported discrepancies, prompting immediate intervention from Sohu's technology department. Containment measures included securing the compromised account and preventing broader service disruption to Sohu's email systems.

The incident generated significant reputational consequences for Sohu, trending atop Weibo's search list as users criticized the company's cybersecurity posture. Public commentary highlighted irony in a former internet pioneer becoming susceptible to basic phishing tactics, with some attributing the scam's success to employee financial desperation amid Sohu's declining market position. While the direct financial impact remained limited due to containment efforts, the breach coincided with Sohu's addition to the SEC's delisting watchlist for non-compliance with auditing requirements—a separate but contemporaneous business challenge. Broader context emerged through reports of Chinese authorities combating telecom fraud, having resolved over 441,000 related cases with 690,000 arrests in the preceding year. Sohu CEO Charles Zhang publicly characterized the incident as minor through Weibo posts, emphasizing contained losses and uninterrupted services while acknowledging the need for internal security improvements.
