Phishing scams rise in Japan amid pandemic as experts urge caution






The Fukuoka Prefectural Police Headquarters in Hakata Ward, Fukuoka, is seen in this February 2019 file photo. (Mainichi/Michiko Morizono)

FUKUOKA — Victims of phishing cases in which scammers send messages designed to trick people into accessing fake websites and recording their personal information are growing across Japan.

In March this year, “Keiko” (a pseudonym) received several emails from his bank, all with the subject “You have made a money transfer”. The 20-something Fukushima Prefecture resident sensed something was wrong and checked her transfer history through the bank’s official app. She was shocked to see that a total of about 200,000 yen (about $1,500) had been transferred to an unknown bank account in installments.

Confused as to who did it and how, she recalled an email from her mobile operator that she had received hours earlier. It said, “Please update your payment method to the easy payment system from the URL below.”

Keiko regularly used a service that allowed her to pay for her online purchases with her mobile phone charges. When she clicked on the link, a familiar logo for her mobile carrier appeared, and the design looked very similar to the actual website. Undoubtedly, she saved her bank account and credit card number.

This is an example of a phishing case that was reported to the Fukuoka Prefectural Police. Attackers impersonate a company or government agency and send fraudulent emails or SMS (short message service). They rely on fear to scam victims into revealing sensitive information such as usernames and passwords. The term phishing refers to how criminals use “sophisticated” lures to “fish” for data on an indeterminate number of people.

According to the Tokyo-based Council of Anti-Phishing Japan, around 526,500 such scams were reported in 2021, more than 50 times the number of cases in 2017, which was around 9,800. In April 2022 , more than 10,000 fake websites had been confirmed for phishing purposes.

The Tokyo-based Japan Consumer Credit Association says damage from credit card fraud across Japan hit an all-time high of more than 33 billion yen (about $240 million) in 2021. More than 90% of these victims were scammed because their credit card numbers were leaked. Fly.

Behind the increasing damage hides the sophistication of phishing techniques. The Council of Anti-Phishing Japan described that emails impersonating more than 100 companies and organizations, including banks and mobile carriers, were sent.

Recently, attackers impersonating delivery services and even leading online shopping site Amazon and flea market app Mercari are on the rise. Users of these services have increased amid the coronavirus pandemic as people are encouraged to stay home. According to the Ministry of Interior and Communications, the number of households using online shopping has increased significantly since March 2020.

An official from Japan’s National Consumer Center pointed out, “People should pay close attention to fake emails that match their actions and schedules.” Specifically, individuals should watch out for fraudulent emails sent to them before and after a delivery date. “Even those who are usually on their guard become very aware that their package will arrive soon, and the risk of them believing (the fake emails) increases dramatically,” the manager said.

Scam sites that victims access from emails are also elaborately created. Criminals cleverly disguise the URL, for example by replacing the lowercase “l” of the Roman alphabet with the number “1”. Since the designs are made by copying official websites, it would be almost impossible to tell the fake from the real one when looking at the page on a smartphone.

To avoid being victimized, a Fukuoka prefectural police official pointed out that users “should never directly access (a website) by clicking on the URL written in emails.” The manager explained that it is important to always go directly to an official website that he has bookmarked or to official applications that he has already downloaded.

It is also crucial to avoid immediately recording personal information even when asked to do so by SMS or email, and to decide calmly what to do after collecting information online.

(Japanese original by Jintaro Chikamatsu, Kyushu News Department)

Comments are closed.