March Cyber Fraud Report: Rise in Scam Sites Targeting New Beginnings

March typically sees an increase in phishing websites that lure individuals starting new chapters in their lives, such as moving to a new city or beginning a new job. This year has continued the trend, with a notable spike in scam sites masquerading as various utility and mobile service providers. Among the most concerning is the rise of phishing sites claiming to be affiliated with au Jibun Bank, targeting customers through SMS and email to steal personal information.

Increase in Scam Sites Targeting New Lives

As we approach the spring season, March has proven to be a prime opportunity for online fraudsters. Websites that imitate recognized brands, including Tokyo Electric Power Company and NTT Docomo, have been verified. Traditional phishing tactics have also been observed where scammers pose as the National Tax Agency. This year, however, has seen the unusual emergence of fraudulent sites pretending to be local tax portals (eLTAX), likely capitalizing on the upcoming property tax payment periods from April to June. Furthermore, illegal streaming sites purportedly connected to global baseball tournaments have appeared, highlighting the seasonal and event-driven nature of these scam strategies.

Phishing Scam Example

Note: The image represents fraudulent or dangerous websites and is unrelated to the content.

Sharp Rise in Phishing Sites Impersonating au Jibun Bank

Continuing the trend seen in March and penetrating into April, there has been a significant surge in phishing sites impersonating au Jibun Bank. These scams typically involve SMS messages or emails requesting sensitive information such as customer numbers and login passwords. A worrying trend is that more than just major banks are being targeted; local and online banks, along with various financial institutions, are also appearing in phishing attempts. For instance, incidents regarding phishing sites disguised as Nagoya Bank also multiplied in March.

Fraudulent SMS Example

Note: The image represents fraudulent or dangerous websites and is unrelated to the content.

Ranking of Phishing Brands

In March, phishing sites impersonating Monex Securities were the most frequently reported. Although phishing attempts directed at securities companies have exhibited a declining trend overall, the case with Monex remains alarming. Additionally, the impersonation of Nagoya Bank has emerged, indicating that not only major banking institutions are vulnerable.

Breakdown of Phishing Categories

The month of March also revealed an increased ratio of phishing sites targeting stocks and securities, largely reflecting the trends detected with Monex Securities. On the other hand, phishing attempts associated with credit card companies remain high, warranting continuous vigilance.

Key Preventive Measures Against Phishing Scams

1. Verify Links in Emails and SMS: Before clicking on any URL suggested in emails or SMS, ensure it's the legitimate site by checking bookmarks or conducting a web search instead. Utilizing free services to diagnose dubious sites can also be beneficial.
2. Be Cautious of Unsolicited Information Requests: Major credit card companies and legitimate institutions typically don’t request personal information via these channels. Always scrutinize communications prompting users to enter such data.
3. Avoid Reusing Login Credentials: Reusing the same username and password across different sites can heighten the risks posed by phishing schemes, leading to broader unauthorized access. It's vital to configure unique login details for different services.
4. Utilize Security Software: Installing updated security software actively protects against emerging online threats by providing alerts when suspicious sites are accessed.

Utilize the Free Scam Site Checker

For individuals wishing to verify the legitimacy of questionable sites, the Scam Site Checker offers a free solution. It leverages a blacklist compiled from various governmental sources and net fraud software to assess whether reported URLs are fraudulent.
Check URL

Expert Insights from Professor Tatsuya Mori

Professor Tatsuya Mori of Waseda University highlights the alarming emergence of new phishing sites impersonating local tax portals, a tactic not typical in previous reports. This suggests a calculated shift in the types of institutions targeted based on impending fiscal deadlines. The increased presence of scams linked to eLTAX signifies fraudsters adopting more sophisticated methods to exploit taxpayer authority, mirroring previous schemes that utilized urgent terms like “unpaid” or “seizure warnings” to manipulate victims.

As we move into April, it’s essential to remain wary of phishing attempts related to local tax notices, as well as transport or accommodation fraudulent schemes related to the Golden Week holiday. Nowadays, also be mindful of scams targeting new students or professionals needing banking services, while summer approaches with more energy company impersonators anticipated. Abiding by basic precautions—such as avoiding direct link accesses from unsolicited messages—is crucial. Sharing insights from this report with family and friends can help improve awareness against these online threats.

About the Author

Prof. Tatsuya Mori
Professor, Waseda University, Faculty of Science and Engineering
Recipient of the Minister of Education, Culture, Sports, Science, and Technology commendation for Science and Technology in 2023
Visiting Researcher, NICT Cybersecurity Research Institute

Company Overview

- Company Name: BBSS Inc.
- Location: 1-7-1 Kaigan, Minato-ku, Tokyo, WeWork Tokyo Port City Takeshiba
- Representative: Shin’ya Honda, President & CEO
- Established: January 17, 2006
- Ownership: 100% by SB C&S Corporation
- Services: Development and provision of consumer software and IoT services, corporate license sales
- Website: BBSS Inc.