Online platforms have long been an important tool for people's work and life, and widely used email accounts have become a key target of cyber theft by overseas spy agencies.

They use the computer networks of party and government agencies and secret-related units as their main channels for stealing secrets, and "phishing" emails are their usual method of conducting cyber attacks.

What is a "phishing" email?

"Phishing" emails are a common means of cyberattack.

Attackers usually forge sender addresses and email accounts to induce target users to click on malicious links or download malicious files, steal sensitive information such as user credentials and data, and even invade and control related terminal equipment.

What are the common techniques?

Impersonating an official source to commit fraud.

Overseas espionage and intelligence agencies will build in advance a login interface that closely imitates that of the target's email service, pose as the email service provider, and send fake "high-risk account warning information" emails to designated users.

After the target clicks, the "high imitation" login interface pops up. Once the account and password are entered, they fall into the hands of overseas spies.

Case 1:

In 2021, a staff member of a secret military enterprise in China received a "phishing" email disguised as a warning message from an email service provider. After being induced to click, the password of their work email account was leaked.

Overseas spy agencies used this password to log into his email and stole a large amount of sensitive work information.

Personalized customization for accurate secret theft.

Overseas espionage and intelligence agencies will collect and analyze relevant email user information in advance, screen out valuable targets, and "customize" email titles and content based on the hot events, work matters or personal affairs the targets are concerned about. This lowers the target's guard against "phishing" emails and induces them to download malicious files, achieving "precise" secret theft.

Case 2:

In 2019, the work email address of a certain municipal government department received an email pretending to be from a county party committee office, with the attachment "Annual Assessment and Approval of Cadres".

Out of trust in the agencies under their jurisdiction, the staff opened the malicious file disguised as an attachment in the email without verification, resulting in the theft of internal information in the mailbox.

Steal accounts and assume identities.

Overseas espionage and intelligence agencies will also use stolen personal accounts to steal secrets. They "hack" into the target's email or social software and send "phishing" emails on topics likely to interest the target's friends and contacts, exploiting those contacts' "undefended" mentality to steal sensitive information or induce them to download malicious files.

Case 3:

In 2020, overseas spy intelligence agencies took control in advance of the mailbox of a party school professor in a certain place and, using his status as a professor, sent an email with the subject "In-depth Analysis of the Spirit of a Certain Plenary Session" to the contacts in the mailbox. The relevant recipients clicked to view it. As a result, multiple email addresses were stolen.

What should we do to prevent and respond?

  As one of the main means used by overseas espionage and intelligence agencies to carry out cyber attacks and steal secrets, online "phishing" has the characteristics of low cost, concealment and high harm.

In the current situation of frequent cyber theft, we must always remain vigilant in our work and life and improve our prevention and response capabilities.

Enhance security awareness.

As online "phishing" methods continue to be updated, we must learn what we need to know about network security, enhance our awareness of network security risks, be good at identifying network attack methods, and avoid "biting the bait."

Improve screening capabilities.

We must pay attention to identifying false information in our work and life. For suspicious emails whose source cannot be determined, that are suspected of being counterfeit, or that ask for an account and password, do not casually click or open attachments or links, so as to avoid visiting malicious links or downloading malicious files.
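The three warning signs named above (source cannot be determined, suspected counterfeit, asks for account and password) can be approximated in a mail-screening script. This is an added example, not part of the original article; the sample message, all domains and the keyword list are constructed assumptions, and the authentication check assumes the `Authentication-Results` header was written by your own mail gateway.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample: a fake "high-risk account warning" (all domains are placeholders).
SAMPLE = """\
From: "Mail Service Security Center" <alert@mail-provider.example>
Reply-To: support@mail-provider-verify.example
To: staff@agency.example
Subject: High-risk account warning
Authentication-Results: mx.agency.example; spf=fail; dkim=none
Content-Type: text/html; charset="utf-8"

<p>Your account is at risk. Confirm your account and password here:
<a href="http://login.mail-provider-verify.example/auth">https://mail-provider.example/login</a></p>
"""
CREDENTIAL_WORDS = ("password", "verify your account", "confirm your account")  # assumed list

def domain(addr):
    """Lower-cased domain part of an address header ('' if absent)."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def screen(raw):
    """Return the reasons a message should be verified before anything is clicked."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    sender = domain(msg["From"])
    reasons = []
    # 1. Source cannot be determined: neither SPF nor DKIM passed at the gateway.
    auth = (msg["Authentication-Results"] or "").lower()
    if "spf=pass" not in auth and "dkim=pass" not in auth:
        reasons.append("sender not authenticated")
    # 2. Suspected counterfeit: replies or links lead away from the sender's domain.
    reply = domain(msg["Reply-To"])
    if reply and reply != sender:
        reasons.append("reply-to differs from sender")
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', body, re.S | re.I):
        host = (urlparse(href).hostname or "").lower()
        shown = (urlparse(text.strip()).hostname or "").lower()
        if host != sender and not host.endswith("." + sender):
            reasons.append(f"link leaves sender domain: {host}")
        if shown and shown != host:
            reasons.append("displayed URL differs from real target")
    # 3. The message asks for an account and password.
    if any(w in body.lower() for w in CREDENTIAL_WORDS):
        reasons.append("asks for credentials")
    return reasons

if __name__ == "__main__":
    print("\n".join(screen(SAMPLE)))
```

A non-empty result means the message should be confirmed with the claimed sender through a separate channel; an empty result is not proof that a message is safe.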

Improve security measures.

Individuals should set a highly secure login password and update it regularly, and configure and use security protection functions such as secondary authentication and abnormal login alarms.

Relevant units must strengthen network security measures and implement effective security protection strategies.

At the same time, anti-virus software on computers, mobile phones and other terminals should be installed and updated in a timely manner, and comprehensive system checks and virus scans should be run regularly to prevent cyber thieves from taking advantage of them.

National security agency reminder

  There is no national security without cybersecurity.

If citizens discover suspected secret theft carried out through online "phishing" emails, they should promptly call the 12339 national security agency report acceptance hotline, log in to the Internet reporting platform (www.12339.gov.cn), use the report acceptance channel of the Ministry of National Security's WeChat official account, or report directly to the local national security agency.

  (CCTV reporter Song Jing)