A sophisticated phishing scam targeting corporate internet banking users has emerged in Japan, prompting authorities to issue urgent warnings to businesses nationwide.
This new fraud scheme combines social engineering tactics with advanced digital deception to compromise corporate accounts and facilitate unauthorized fund transfers.
The fraudsters initiate their attack by impersonating bank representatives over the phone. They inform their targets that their internet banking certificates have expired, creating a false sense of urgency.
Under this pretext, they request personal information from unsuspecting corporate users, laying the groundwork for the next phase of their scheme.
Following the initial contact, victims receive carefully crafted phishing emails containing malicious links. These links direct users to meticulously designed fake websites that closely mimic legitimate banking portals.
HackManac researchers observed that once on these fraudulent sites, victims are prompted to enter their credentials, including passwords and one-time passcodes, unknowingly handing over sensitive information to the scammers.
New Phishing Scam
Armed with the harvested credentials, the fraudsters gain unauthorized access to corporate accounts. They then proceed to transfer funds to unrelated corporate accounts, making the transactions difficult to trace and reverse.
This method of funneling money through multiple corporate entities adds a layer of complexity to the fraud, complicating recovery efforts.
Process leading to the unauthorized transfer of funds (Source – X)
The emergence of this scam comes amid a backdrop of increasing cybercrime in Japan. In the first half of 2023 alone, Japan recorded 2,322 online banking scams, resulting in losses totaling approximately 3 billion yen (about $21 million).
This new corporate-focused phishing attack is expected to potentially inflate these figures significantly if left unchecked.
Financial institutions and cybersecurity experts are urging corporate users to exercise extreme caution. They advise verifying any unsolicited communications claiming to be from banks through official channels.
Additionally, businesses are reminded never to click on suspicious links or provide sensitive information without proper verification.
As this threat continues to evolve, Japanese authorities, including the National Police Agency, are considering implementing AI-powered systems to identify and combat phishing sites more effectively.
This proactive approach aims to streamline operations and enhance measures against the rising tide of fraudulent activities targeting both individual and corporate banking customers.
Corporate internet banking users across Japan are advised to remain vigilant and report any suspicious activities to their financial institutions and the relevant authorities immediately.
