A new and sophisticated phishing scam targeting corporate internet banking users has been detected in Japan, prompting urgent warnings from authorities to businesses across the country. This fraud scheme uses a combination of social engineering and advanced digital tactics to gain unauthorized access to corporate accounts and facilitate fraudulent transactions.
The scam typically begins with fraudsters impersonating bank representatives over the phone. They inform their targets that their internet banking certificates have expired, creating a sense of urgency. Victims are then tricked into providing sensitive personal information, which serves as the gateway for the next phase of the attack.
Following the phone contact, victims receive phishing emails with malicious links that direct them to fake websites designed to look like legitimate banking portals. These counterfeit sites prompt users to enter their login credentials, including passwords and one-time passcodes, allowing the scammers to steal vital information.
Once the fraudsters have obtained the necessary credentials, they access the corporate bank accounts and transfer funds to unrelated accounts, making it difficult for authorities to trace or reverse the transactions. This method of routing money through multiple entities further complicates the fraud investigation and recovery process.
This new phishing attack comes at a time when cybercrime in Japan is on the rise. In the first half of 2023, over 2,300 online banking scams were reported, causing financial losses exceeding 3 billion yen (about $21 million). Authorities and cybersecurity experts are advising businesses to verify all unsolicited communications and to remain cautious when clicking on links or sharing sensitive information.