November Report Highlights Surge in Phishing Sites Targeting Investment Firms

November Phishing Report: A Growing Threat to Investors

The latest monthly phishing report indicates a worrying trend: the increase of phishing sites impersonating Monex Securities has continued into November, raising alarms for investors. The findings highlight the tactics used by cybercriminals, such as sending emails disguised as promotional campaigns or security checks to collect users' login credentials.

Surge in Phishing Sites Targeting Monex Securities

From October to December, Monex Securities has emerged as a primary target for phishing attacks. Cybercriminals are using deceptive emails claiming to be part of promotional campaigns or alerts regarding security measures and account restrictions, with the intent to capture sensitive login information. Since April 2024, there has been a noticeable uptick in phishing websites directed at securities companies, showcasing a shifting focus on specific brands from month to month. As it stands, predicting which securities firm might be next in line for such attacks is increasingly difficult, necessitating ongoing vigilance.

In addition to Monex, phishing sites masquerading as the National Tax Agency have spiked dramatically, reportedly increasing by about 48 times. Scams claiming unpaid taxes are particularly prevalent, targeting unsuspecting users during the tax filing season that typically begins in the new year, presenting a potential for this trend to escalate further.

Caution Against Phishing Sites Impersonating Other Organizations

Between November and December, there is also a recorded rise in phishing sites impersonating the National Association of Credit Unions and the National Workers' Credit Union Association. Historically, mainstream banks and regional banks have been the primary targets of such phishing attacks; however, it appears that the criminals are now shifting their focus towards financial institutions with lending functions.

Furthermore, there has been an increase in phishing sites posing as Amazon around the end of November, likely capitalizing on the shopping frenzy of Black Friday and the bonus season. This spike is accompanied by a notable rise in phishing threats related to credit card companies like UC Card and Orico, accentuating the need for continuous awareness.

Ranking of Phishing Sites by Brand

In November, Monex Securities topped the phishing site rankings, reflecting the increasing threat level posed to cryptocurrency exchanges and trading platforms. Brands in the credit card sector have also seen multiple entries within this ranking. Notably, phishing attempts regarding Vpass, a service operated for Visa cardholders, have increased as well, where attackers pose as legitimate service providers to capture vital personal information.

Categorization of Phishing Sites

This month saw a rise in phishing sites that impersonate government organizations, largely due to the increased activity surrounding the National Tax Agency scams. The data indicates that the share of phishing alerts stemming from web services has also grown in tandem with the increase in Vpass threats.

- Government agencies represent a significant portion of these phishing attempts.
- Web services, particularly those related to credit card services, are also on the rise, requiring users to exercise discernment when receiving communications requesting sensitive information.

Key Points for Preventing Phishing Attacks

To mitigate the risks associated with phishing:

- Verify URLs of emails and SMS messages: Always check the legitimacy of links before clicking. Users should navigate to official sites via bookmarked links or trusted web searches.
- Be wary of unsolicited messages: Legitimate credit card companies will never ask for sensitive information via email or text. Be vigilant against any messages that direct you to input personal data.
- Avoid reusing login credentials: Using the same login ID and password across multiple accounts can significantly increase the risk of compromised information. Unique identifiers for each service is recommended.
- Install security software: Given the ever-evolving methods employed by cyber criminals, it is crucial to use security software that can provide warnings when visiting suspicious sites.

Free Phishing Site Diagnosis: “Scam Site Checker”

For individuals seeking clarity on potentially dangerous sites, using the “Scam Site Checker” tool provides a resource to determine the safety of a web page. This service analyzes URLs against blacklists compiled from both commercial anti-fraud firms and government bodies.

- Site URL: Scam Site Checker

Commentary from Professor Tatsuya Mori

Professor Tatsuya Mori underscored the pressing issue in this month’s analysis. He noted that the upward trend in phishing attacks on Monex Securities, alongside the remarkable increase in threats from government agency impersonators, requires a heightened state of alert. The dynamic change in focus towards various financial institutions—now extending to credit unions—suggests that virtually every brand is susceptible to these kinds of cyber threats.

With an eye towards the upcoming holiday period, potential phishing scams could target transport companies during homecoming travels, tax-related fraud schemes, and fraudulent ecommerce attempts related to seasonal sales. In this fast-paced environment, users must remain cautious and refrain from clicking suspicious links sent via email or SMS, instead opting for verified access methods.