Brand damage without knowing it: phishing surges, 520,000 cases in 2021

By : ilikephone / On : 30/03/2023

The number of reports of "phishing scams," which steal personal information such as credit card PINs, is increasing rapidly. The number of reports received by the Anti-Phishing Council in 2021 was 526,504, more than 2.3 times the previous year.

The brands most often impersonated include Amazon, Mercari, and au. Among the many financial institutions, Sumitomo Mitsui Card stands out. Noriaki Hayashi, a member of the council, warns that "the brand image will be damaged, and the effectiveness of approaches to consumers for legitimate marketing purposes will decrease."

The increasing trend has been remarkable since 2020, with 224,676 cases, four times the number in 2019. Mr. Hayashi explains that behind the rapid increase is the lowering of the hurdles to procuring and building the "crime as a service" offerings necessary to carry out phishing scams. Packages have been made that include a "phisher" that collects user information, a "junk mail distributor" that undertakes email creation and mass transmission, a company that hides the sender, and a hosting service that is reluctant to disclose sender information and cooperate with police investigations.

Phishing scams are also characterized by fraudulent websites that follow current trends, and in 2020-21, cases related to the novel coronavirus appeared. There have also been cases abusing the policyholder loan system, in which money is borrowed against the surrender value of a life insurance policy. You risk losing the loaned money.

For business operators, the problem is that discovery is delayed because the crime occurs outside their jurisdiction. In addition, the situation is difficult to grasp because the company itself suffers no direct damage.


Yusuke Osumi of Yahoo!

"However, in the case of e-mail, for example, it is bad practice to provide guidance such as 'The e-mail from our company is ○○@○○.co.jp' regarding the official sender. In the first place, the sender of the e-mail can be freely set. In addition, depending on the scale, it may be possible to inform the customer of the event by email, but in that case it is better not to attach the URL to the email. There is a possibility that something that imitates it will come out on the market. It is also possible to make it known on SNS." (Mr. Osumi)

Phishing e-mails and short messages are often sent from computers and smartphones infected with harmful software called "malware". If an employee's device is infected, the employee may unintentionally take part in criminal activities.

"We have also confirmed sales pitches such as sending e-mails from a platform that bundles computers infected with malware by malicious companies, and DDoS attacks (cyber attacks that cause system failures and data loss). There is also mobile malware, and there have been many reports of short messages being delivered via infected devices." (Mr. Hayashi)

To avoid falling for phishing scams as an individual, "don't try to spot them," says Osumi.

"In the same way as directly confirming with the person in the case of so-called 'It's me fraud' (= special fraud), when you receive some guidance, first check the official app or official website. Access the correct site instead of trying to identify the fraud. At that time, you want to avoid overreliance on the lock-like icon that appears in the URL field of the web browser. 'Safe' is indicated about the communication route, so it's just a safe connection to the fraudulent site. It will also be displayed on the fraudulent site." (Mr. Osumi)