KnowBe4 - Unmasking the Threat: Why Phishing Scams are Surging in Japan

Unmasking the Threat: Why Phishing Scams are Surging in Japan

Japan has a large number of Forbes Global 2000 corporations--more than the UK, Germany, and France combined. Despite this economic strength, Japan faces an alarming and growing threat from phishing attacks, which is much worse than previously assumed.

According to findings by Mailsuite, Japan is frequently targeted by phishers, particularly impersonating its major brands. Telecom firm au by KDDI, for instance, has been exploited in 18,964 phishing scams since January 2020. Another frequently impersonated brand is the Japanese payment service JCB, which has been used in 14,907 phishing scams.

Japanese specialists confirm that these findings align with other research by Cloudflare and Vade. KDDI's cell phone service name, "au," is often abused due to its similarity to the Australian ccTLD, fooling many into thinking phishing emails are legitimate. Moreover, other major brands like train company JR East and retail franchise Aeon have also seen over 10,000 verified phishing scams each.

The problem has reached such an extent that 2023 saw a record number of phishing scams in Japan, surpassing the previous annual record for unauthorized money transfers within just six months. The trend has extended into 2024 and Hisashi Arai from KDDI’s UX and Quality Department highlights the sophistication of these phishing sites, which mimic legitimate screens almost identically, making detection difficult.

Compounding the issue is the low adoption rate of DMARC by major Japanese companies, trailing behind those in the Philippines and Thailand. Japan's economic affluence, ranking third globally by GDP, makes it an attractive target for North Korean and Chinese cybercriminals. Additionally, cultural factors, such as Japan's strict adherence to deadlines, make citizens more vulnerable to phishing attempts using urgent language.

The Council of Anti-Phishing Japan’s monthly reports further underscore the severity of the situation. Additionally, a recent Cloudflare announcement listed several Japanese brands frequently targeted in phishing scams, including Mitsubishi UFJ NICOS, Rakuten, JR East, and Aeon. 



from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/unmasking-the-threat-why-phishing-scams-are-surging-in-japan

Comments

Post a Comment

Popular posts from this blog

KnowBe4 - Scam Of The Week: "When Users Add Their Names to a Wall of Shame"

Image
Eric Howes , KnowBe4 Principal Lab Researcher, found out about another insidious bad guy trick: " If you work in IT there has undoubtedly come a dark moment when you wondered to yourself just who among your employee users would be gullible enough to click through a phishing email and potentially bring down your organization. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/when-users-add-their-names-to-a-wall-of-shame
Read more

Krebs - NY Charges First American Financial for Massive Data Leak

Image
In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. had exposed approximately 885 million records related to mortgage deals going back to 2003. On Wednesday, regulators in New York announced that First American was the target of their first ever cybersecurity enforcement action in connection with the incident, charges that could bring steep financial penalties. First American Financial Corp. Santa Ana, Calif.-based  First American [ NYSE:FAF ] is a leading provider of title insurance and settlement services to the real estate and mortgage industries. It employs some 18,000 people and brought in $6.2 billion in 2019 . As first reported here last year , First American’s website exposed 16 years worth of digitized mortgage title insurance records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images. The docum
Read more

US-CERT - SB18-169: Vulnerability Summary for the Week of June 11, 2018

Original release date: June 18, 2018 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD , which contains historical vulnerability information. The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores: High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0 Medium - Vulnerabilities will be labeled Medium severity
Read more