National Security Department: Beware of the 'Invoice Trap' in Your Email
2026-03-04
According to the WeChat official account of the Ministry of National Security: "[Electronic Invoice] Mr. Zhang, your invoice has been issued, please click to download." When an email like this, addressed to you by your real name, pops up in your inbox, will you click it without thinking? Attention! This may be a targeted cyber attack carried out by overseas spy and intelligence agencies. Once the attachment or link in the email is clicked, the device instantly becomes a "breakthrough point" for espionage and data theft, and security risks follow.

The "invoice trap" intrusion tactic: an enticing subject line combined with urgency that pressures the recipient

At the end of one year and the beginning of the next, when people are busy with reimbursements and urgent accounting, overseas attackers seize on the settlement and account-closing period, disguise themselves as customer service representatives of telecommunications operators, e-commerce platforms, or travel platforms, and construct phishing emails on the theme of "recipient name + electronic invoice". The email body also emphasizes phrases such as "overdue cancellation" and "invoice needs to be reissued due to errors" to create a sense of urgency and lower vigilance, since many people subconsciously wonder "how much harm can an invoice pose?" But the real trap lies in the attachment or link, which appears to be an ordinary invoice file but is actually a Trojan program carefully disguised by overseas hacker organizations.

A "leak machine" and a "monitor" are switched on

The moment the "invoice attachment" is clicked, the Trojan automatically invades your network devices. The attacker can not only transmit sensitive data such as enterprise contracts, project information, and scientific research results from the computer overseas, but also obtain bank passwords, system credentials, personal private information and more by monitoring keyboard input. They can even remotely turn on cameras and microphones to spy on the office environment and eavesdrop on voice messages. This not only causes irreparable losses to individuals and organizations, but may also lead to the leakage of state secrets and damage national security.

An even more harmful "radiation source" is switched on

The overseas attack does not stop here, and greater harm follows. Attackers may tamper with important data on the computer, use the controlled email identity to deceive your colleagues and friends, and even use stolen private information to drag you down. The remotely controlled computer also becomes a "springboard" for attackers to peer into the internal network of the workplace. They use the trust relationships within the internal network to scan the network systems of the victim's unit, further expanding their range of control, stealing more important data, and even paralyzing the network information system at critical moments.

Reminder from the national security authorities

Investigate the "source" and be alert to unfamiliar senders. When receiving emails from a so-called "finance department" or "invoice platform", first check the sender's address: official email often uses company-specific domain names (such as "@company.com" and "@gov.cn"), while phishing emails usually come from temporarily registered addresses at commercial public email services with common suffixes. It is important to identify these carefully and avoid clicking or replying.

Distinguish the "details" and be wary of hidden Trojans. As shown in Figure 4, the extension of the attack email's attachment appears to be a document format such as ".zip", ".pdf", or ".xlsx", but the file is actually bundled with a special Trojan program. Do not click to download it. As shown in Figure 5, if you encounter a pop-up prompt that says "Login to account first" before downloading the invoice, it means that the attacker wants to steal your email password. Do not click, and delete the email promptly.

Take "protection" measures to promptly block the spread of risk. If you accidentally click on a suspicious email, you should immediately disconnect the device from the network, log out of sensitive accounts such as the office system, run a full system scan with anti-virus software at the same time, and report to your unit's network security department promptly. After your unit confirms that it has been attacked from abroad, you can report through the 12339 national security authority report hotline, the online report platform (www.12339.gov.cn), the WeChat official account of the Ministry of National Security, or directly to the local national security authority. (New Society)
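The sender and attachment checks described in the reminder can be automated at a mail gateway or during triage. The following is an added example, not part of the original advisory; the list of public mail domains (including the made-up "freemail.example"), the phrase list, and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed, illustrative lists: tune them for your own organisation.
# "freemail.example" is a made-up stand-in for a public mailbox provider.
PUBLIC_MAIL_DOMAINS = {"gmail.com", "outlook.com", "qq.com", "freemail.example"}
URGENCY_PHRASES = ("overdue cancellation", "reissued due to errors")
# Leading bytes each claimed document format must start with.
MAGIC = {".pdf": b"%PDF-", ".zip": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}

def triage(raw: bytes) -> list[str]:
    """Return the reasons a message matches the invoice-lure pattern."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    sender = msg["From"].addresses[0]
    body = msg.get_body(("plain",)).get_content()
    text = f'{msg["Subject"]} {body}'.lower()
    # Invoice-themed mail should come from a company or government domain.
    if "invoice" in text and sender.domain.lower() in PUBLIC_MAIL_DOMAINS:
        reasons.append(f"invoice mail from public mailbox domain {sender.domain}")
    for phrase in URGENCY_PHRASES:
        if phrase in text:
            reasons.append(f"urgency wording: {phrase!r}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        ext = next((e for e in MAGIC if name.endswith(e)), None)
        # The file name claims a document format the content does not have.
        if ext and not data.startswith(MAGIC[ext]):
            reasons.append(f"{name}: content does not match {ext} format")
        if data.startswith(b"MZ"):  # Windows executable header
            reasons.append(f"{name}: Windows executable header")
    return reasons

def build_sample() -> bytes:
    """Constructed sample message; every value is made up for the demo."""
    m = EmailMessage()
    m["From"] = "Invoice Service <billing-notice@freemail.example>"
    m["To"] = "zhang@company.example"
    m["Subject"] = "[Electronic Invoice] Mr. Zhang, your invoice has been issued"
    m.set_content("Please download before overdue cancellation.")
    m.add_attachment(b"MZ\x90\x00" + b"\x00" * 16, maintype="application",
                     subtype="pdf", filename="invoice_2026.pdf")
    return m.as_bytes()

if __name__ == "__main__":
    for reason in triage(build_sample()):
        print("FLAG:", reason)
```

A genuine archive or PDF passes the header check and can still carry a malicious file inside, so a clean result here only means these three indicators were absent.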
Edit: Luoyu
Responsible editor: Zhoushu
Source: china.com.cn