Computer Crime Research Center

phishing/japan.gif

Phishing season opens in Japan; 8 lose total of 1.5 million

Date: February 10, 2005
Source: The Asahi Shimbun
By: The Asahi Shimbun

Japan may be the next happy hunting ground for online swindlers employing sophisticated cyber-tricks to steal personal information for forging credit and cash cards, police and financial institutions warn.

Eight customers of UFJ Card Co. lost a total of 1.5 million yen to swindlers using forged cards to make illegal withdrawals, the company reported Monday.

In a new twist, the cash was not withdrawn in Japan, but through cash dispensers in Romania.

Known as phishing, the online scam typically involves sending out e-mail messages purportedly from banks or card firms directing the recipient to a Web site where they must ``update security'' or ``renew'' a card.

Once at the bogus Web site, which is made to look legitimate, the victim is asked to enter personal information such as name, credit card number and password.

With that data, the scammers then forge cards that are used to purchase merchandise at online shopping malls or to withdraw money from cash dispensers.

According to the National Police Agency, the first phishing fraud was confirmed in Japan in November. Hundreds of thousands of yen were lost.

Around that time, police said bogus e-mails were sent in the name of at least seven legitimate companies, including major credit card issuer JCB.

UFJ Card has now revealed that forged cards were apparently used to make illegal withdrawals in Romania in September and October 2004.

Similar attempts were apparently made against 25 other customers in Britain, Germany, Australia, Austria and Spain.

Those attempts, also at cash dispensers, were all thwarted by the company's security system, according to UFJ Card officials.

Some of the customers told the company they remember receiving e-mails asking them to ``update personal data to protect them from online fraud,'' the officials said.

The credit firm is sending out letters and posting warnings to customers on its Web site explaining that such confidential information as passwords is never asked for through e-mail.

The NPA task force received 24 reports of phishing attempts between Dec. 24, when it opened a phishing hot line, and Jan. 31. In 23 cases no money was lost, and police are still investigating the remaining case. None of the 24 is connected to the UFJ Card cases.

In 17 of the 24 cases, individuals reported they had received ``fishy'' e-mail messages, some in English and others in Japanese.

In the seven other instances, businesses reported their servers were attacked from abroad in an apparent bid to open bogus Web sites, according to the NPA.

In a separate report, the Japan Computer Emergency Response Team Coordination Center, a nonprofit organization backed by the economy ministry, said it had received 41 reports of fake Web sites related to phishing.

Rampant in the United States, phishing there had netted scammers a reported $1.2 billion (126 billion yen) in the year to mid-2004.(IHT/Asahi: February 9,2005)




Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo