#Japan #Tokyo #Monex Securities #NHK #GMO Click

September Increased Phishing Activities

In September, an alarming increase in phishing sites targeting GMO Click Securities was reported, as it escalated to the top position in the phishing site rankings after having no reports the previous month. Other once-popular victims like Daiwa Securities, Nomura Securities, and SBI Securities saw a decline in phishing attempts, suggesting that attackers are swiftly shifting their focus to new targets. Additionally, phishing websites impersonating government census surveys, which began at the end of September, have emerged, aiming to extract sensitive login information by instilling fear of penalties for non-response. This increase in phishing activity coincides with the fact that census surveys occur on a nationwide scale every five years, making them prime targets.

Moreover, a rise in phishing sites tied to seasonal factors and events, such as Halloween lottery scams, has been observed, highlighting the opportunistic tactics employed by cybercriminals. The surge in these phishing schemes illustrates how seasonal events can be exploited for malicious gain.

Attention to Other Key Phishing Targets

As we transition from September to October, there has been a noted surge in phishing sites impersonating Monex Securities, increasing more than fourfold compared to the previous month, along with a rise in phishing attempts directed at the NHK (Japan Broadcasting Corporation). These scams often revolve around unpaid fees for broadcasting services and fraudulent requests for login information related to the upcoming termination of services like 'NHK Plus' by September 30, 2025. The dynamic nature of phishing scams shows that they adapt to current trends and events – potential threats may soon emerge disguised as new services from NHK, such as 'NHK ONE.' This continuous surveillance by cybercriminals emphasizes the need for vigilance.

Phishing Site Rankings and Category Distribution

In September's phishing site brand rankings, GMO Click Securities ranked first, while the overall number of phishing attempts in the securities sector has been generally decreasing. However, notable entrants into the phishing site rankings include Mitsubishi UFJ Morgan Stanley Securities and Monex Securities.

When analyzing phishing incidents by category, phishing attempts targeting banks saw a significant increase of ten percentage points compared to the previous month, doubling the actual numbers. This rise was particularly due to the increase in phishing activities targeting GMO Aozora Net Bank. Similarly, there has been an uptick in phishing targeting JA Bank as well.

The credit card category also experienced higher percentages and actual figures as phishing sites pretending to be associated with Sumitomo Mitsui Card expanded markedly.

Prevention Tips Against Phishing Scams

• - Verify and Guard Links: Always confirm if the URL received via email or SMS aligns with the legitimate ones, and avoid clicking on suspicious links. Instead, utilize bookmarks or conduct web searches to directly access the authentic sites.
• - Be Cautious with Information Requests: Legitimate credit card firms will never request personal information through emails or messages. Always verify through official channels when prompted for sensitive details.
• - Unique Credentials for Each Service: Using identical login IDs and passwords across various platforms heightens vulnerability. It is best practice to create unique logins for each service to minimize risks of unauthorized access.
• - Implement Security Software: As cybercriminal tactics evolve, investing in robust security software will help safeguard against potential threats and flag suspicious activities.

Expert Insights from Professor Tatsuya Mori

In the latest report, Professor Tatsuya Mori from Waseda University highlighted the unexpected rise of GMO Click Securities in the phishing domain, noting the decrease in phishing attempts against previously targeted firms like Daiwa Securities, Nomura Securities, and SBI Securities. This trend shows a rapid shift by attackers in their methodologies. Professor Mori observed a notable pattern where public events or significant societal topics, such as census surveys and service disbandments, become ripe avenues for exploitation by phishing campaigns. He emphasized the importance of a vigilant response to such threats, urging individuals to refrain from clicking links in emails or SMS and verify senders and URLs thoroughly. He also advocated for sharing this information with family and friends to enhance collective awareness and preparedness against such phishing attempts.

Company Overview

Company Name: BBSS Inc.
Location: 1-7-1 Kaigan, Minato-ku, Tokyo, WeWork Tokyo Port City Takeshiba
CEO: Shin’ya Honda, President and CEO
Established: January 17, 2006
Shareholder: 100% owned by SB C&S Co., Ltd.
Business Activities: Planning, development, and provision of consumer software and IoT services, alongside corporate licensing sales.
Website: BBSS Official Site