
Phishing scams surge in Japan amid pandemic as experts call for caution

The Fukuoka Prefectural Police headquarters in Hakata Ward, Fukuoka, is seen in this file photo from February 2019. (Mainichi/Michiko Morizono)

FUKUOKA -- The number of victims of phishing, in which scammers send messages designed to provoke fear so that people access fake websites and register their personal information, is increasing across Japan.

    In March this year, "Keiko" (a pseudonym) received multiple emails from her bank, all with the subject line "You've completed a money transfer." The Fukushima Prefecture resident in her 20s felt something was off, and checked her transfer history via the bank's official app. She was shocked to see that a total of about 200,000 yen (some $1,500) had been transferred to an unknown bank account in several batches.

    Confused as to who did it and how, she remembered an email from her mobile carrier she'd received a few hours earlier. It read, "Please update your payment method to the easy payment system from the URL below."

    Keiko regularly used a service which allowed her to pay for online shopping together with her mobile phone charges. When she clicked on the link, a familiar logo of her mobile carrier showed up, and the design looked very similar to the actual website. Without suspecting anything, she registered her bank account and her credit card number.

    This is an example of a phishing case that was reported to Fukuoka Prefectural Police. Attackers impersonate a company or government agency and send fraudulent emails or SMS (short message service). They rely on fear to scam victims into revealing sensitive information such as IDs and passwords. The term phishing refers to how criminals use "sophisticated" lures to "fish" for data on an unspecified number of people.

    According to the Tokyo-based Council of Anti-Phishing Japan, approximately 526,500 such scams were reported in 2021, more than 50 times the roughly 9,800 cases reported in 2017. As of April 2022, more than 10,000 fake websites used for phishing had been confirmed.

    The Tokyo-based Japan Consumer Credit Association says damage caused by credit card fraud across Japan reached a record high of over 33 billion yen (roughly $240 million) in 2021. More than 90% of these victims were scammed due to their credit card numbers being stolen.

    Behind the increasing damage is the sophistication of phishing techniques. The Council of Anti-Phishing Japan said that emails mimicking more than 100 companies and organizations, including banks and mobile carriers, have been sent.

    Recently, attackers impersonating delivery services and even the major online shopping site Amazon and the Mercari flea market app are on the rise. Users of such services have been increasing amid the coronavirus pandemic as people are encouraged to stay home. According to the Ministry of Internal Affairs and Communications, the number of households using online shopping has increased significantly since March 2020.

    A National Consumer Affairs Center of Japan official pointed out, "People need to pay particular attention to fake emails that match their actions and schedules." Specifically, individuals need to be careful of fraudulent emails sent to them before and after a delivery date. "Even those who are usually on guard become strongly aware that their package will be arriving soon, and the risk of them believing (in fake emails) greatly increases," said the official.

    Fraudulent sites that victims access from the emails are also elaborately created. Criminals skillfully disguise the URL, such as by replacing the lowercase "l" in the roman alphabet with the number "1". Since the designs are made by copying official websites, it is reportedly almost impossible to tell the fake from the real when looking at the page on a smartphone.

    To prevent becoming victimized, a Fukuoka Prefectural Police official stressed that users "should never directly access (a website) by clicking on the URL written in emails." The official explained that it is important to always go directly to an official website that they have bookmarked, or official apps they have already downloaded.
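The "l"-to-"1" URL disguise and the advice to rely only on bookmarked official sites can both be expressed as a mechanical check. The following Python sketch is an added example, not part of the original article; the domain names, the allowlist and the extra "0"/"o" and "rn"/"m" swaps are assumptions for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist standing in for a user's bookmarked official sites.
OFFICIAL_DOMAINS = {"mobile-carrier.example", "bank.example"}

# Characters that look alike on a small screen. The "1" for "l" swap is the
# one the article names; "0" for "o" and "rn" for "m" are added assumptions.
CONFUSABLES = str.maketrans({"1": "l", "0": "o"})


def skeleton(host):
    """Fold visually similar characters so lookalike names compare equal."""
    return host.lower().translate(CONFUSABLES).replace("rn", "m")


def classify(url):
    """Return 'official', 'lookalike' or 'unknown' for the link's hostname.

    'unknown' is not a clean bill of health: it only means the name does not
    imitate an allowlisted domain by character substitution.
    """
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    # Every suffix of the hostname: a.b.c -> a.b.c, b.c, c
    suffixes = [".".join(labels[i:]) for i in range(len(labels))]

    # Exact match on an official domain or one of its subdomains.
    if any(s in OFFICIAL_DOMAINS for s in suffixes):
        return "official"

    # Not official, but identical to an official name after folding.
    official_skeletons = {skeleton(d) for d in OFFICIAL_DOMAINS}
    if any(skeleton(s) in official_skeletons for s in suffixes):
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links, as they might appear in a message body.
    for link in (
        "https://login.bank.example/history",
        "https://mobi1e-carrier.example/payment",
        "https://rnobile-carrier.example/payment",
        "https://bank.example.evil.test/login",
    ):
        print(f"{classify(link):9} {link}")
```

The last sample shows the limit of this check: an official name used as a prefix of another domain is not a character swap, so it comes back as "unknown" and is caught only by the allowlist rule itself.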

    It is also crucial to avoid immediately registering personal information even when asked to do so via SMS or email, and to calmly decide on what to do after collecting information online.

    (Japanese original by Jintaro Chikamatsu, Kyushu News Department)
