Skip to content

At The Identity Organisation, we're here to help!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    Unmasking the Threat: Why Phishing Scams are Surging in Japan

    Japan has a large number of Forbes Global 2000 corporations–more than the UK, Germany, and France combined. Despite this economic strength, Japan faces an alarming and growing threat from phishing attacks, which is much worse than previously assumed.

    According to findings by Mailsuite, Japan is frequently targeted by phishers, particularly impersonating its major brands. Telecom firm au by KDDI, for instance, has been exploited in 18,964 phishing scams since January 2020. Another frequently impersonated brand is the Japanese payment service JCB, which has been used in 14,907 phishing scams.

    Japanese specialists confirm that these findings align with other research by Cloudflare and Vade. KDDI’s cell phone service name, “au,” is often abused due to its similarity to the Australian ccTLD, fooling many into thinking phishing emails are legitimate. Moreover, other major brands like train company JR East and retail franchise Aeon have also seen over 10,000 verified phishing scams each.

    The problem has reached such an extent that 2023 saw a record number of phishing scams in Japan, surpassing the previous annual record for unauthorized money transfers within just six months. The trend has extended into 2024 and Hisashi Arai from KDDI’s UX and Quality Department highlights the sophistication of these phishing sites, which mimic legitimate screens almost identically, making detection difficult.

    Compounding the issue is the low adoption rate of DMARC by major Japanese companies, trailing behind those in the Philippines and Thailand. Japan’s economic affluence, ranking third globally by GDP, makes it an attractive target for North Korean and Chinese cybercriminals. Additionally, cultural factors, such as Japan’s strict adherence to deadlines, make citizens more vulnerable to phishing attempts using urgent language.

    The Council of Anti-Phishing Japan’s monthly reports further underscore the severity of the situation. Additionally, a recent Cloudflare announcement listed several Japanese brands frequently targeted in phishing scams, including Mitsubishi UFJ NICOS, Rakuten, JR East, and Aeon. 

    The upshot is that phishing attacks in Japan are a significant and escalating issue, requiring immediate and enhanced cybersecurity measures to protect its corporations and citizens.


    Request A Demo: Security Awareness Training

    New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn’t a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4’s security awareness training and simulated phishing platform and see how easy it can be!

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/one-on-one-demo-partners?partnerid=001a000001lWEoJAAW

    Sign Up to the TIO Intel Alerts!

    Back To Top