(Yicai Global) May 25 -- Twenty-four staff at Sohu, one of China’s biggest email services providers, were recently cheated out of more than CNY40,000 (USD5,993) in an email fraud. Industry insiders said the incident has exposed weaknesses in the firm’s information technology system.

Sohu said the incident did not involve its user mailbox service and it will continue to upgrade network security measures. The Beijing-based company added that it was awaiting the findings of a police investigation.

All Sohu employees appear to have received an email purportedly from the firm’s finance department on the morning of May 18, online posts showed. Some were taken in and clicked a hyperlink in the email, which was sent from Sohu’s internal domain. They subsequently filled in their bank account numbers and other information on a phishing page that opened, and as a result, money was stolen.

Many Sohu employees told Yicai Global about the existence of the phishing email. “We really let down our guard, since the email was sent from an internal email account,” one of them said.

The incident is not an isolated case, according to a cybersecurity expert Yicai Global spoke with. Fraud using the same tactics has happened many times before. The reason is not just a lack of awareness among employees, but also the weakness of corporate IT systems.

In February, staff at Chinese video streaming site Bilibili claimed that there were phishing links in the company’s internal emails, which also led to financial losses.

Editors: Liao Shumin, Peter Thomas