Hi, I'm Misaki Kimura, a member of the Watch and Warning Group, and this is my first post here. My duty at JPCERT/CC is to monitor various security-related information and share it internally and externally to support taking countermeasures as early as possible.
Today's topic is the recent phishing trends in Japan, including the phishing incidents observed and the efforts to mitigate them. Phishing has become so prevalent that we frequently encounter news articles about it. Phishers target Internet users around the globe with increasingly sophisticated methods, and Japanese users are no exception.
Organization Dealing with Phishing
To begin with, I would like to introduce the Council of Anti-Phishing Japan (hereinafter CAPJ), which deals with phishing issues. CAPJ was founded in 2005, and JPCERT/CC has served as its secretariat since 2009. It has 74 member organizations (as of June 2013), consisting of financial institutions, credit companies, online services and security vendors.
Their main activities are:
- to collect phishing reports from consumers and to issue alerts to the public for precautions
- to provide a list of detected phishing sites to firms that supply software and web browsers to consumers
- to analyze phishing trends and regularly release reports
- to investigate the phishing techniques and appropriate measures to be taken, including statutory ones
CAPJ has been observing an unprecedented number of phishing attacks since its establishment.
To share with you the phishing trends in Japan, we’ve generated a monthly graph on the number of unique phishing sites, based on the reports to CAPJ and JPCERT/CC (Figure 1).
Figure 1. Unique Phishing Sites Detected (July 2009 - May 2013)
Counting by year, 1818 phishing sites were detected in 2010, 1189 sites in 2011, and 1474 sites in 2012. This means that roughly 100 phishing sites have been spotted per month in recent years.
In October 2010 alone, 252 unique phishing sites were detected, most of them spoofing a well-known Japanese portal site; this was the highest monthly count since the founding of CAPJ. The story behind this increase (which was not limited to that month but continued throughout the year) is explained in the next section.
Targeted Brands of Spoofs
Now, let's take a closer look at the brands or entities spoofed in these phishing attacks. The number of spoofed brands has increased steadily every year, for both overseas and Japanese brands. In 2012, 32 Japanese brands were targeted, a 39% increase from the previous year, and 123 overseas brands were targeted, a 10% increase. This shows that attackers are reaching out to a variety of industrial sectors in order to reach more potential victims who are less aware of phishing.
The most interesting point, shown in Figure 2, is the difference in targeted industry between Japanese brands and overseas brands.
Figure 2. Unique Phishing Sites Detected on Targeted Brands (Classified by Industry) 2009 - 2012
While the financial sector remains the dominant target among overseas brands, portal sites were the most targeted category of Japanese brand from 2009 to 2011.
As also shown in Figure 2, in 2010 we counted 777 unique phishing sites spoofing the same portal site, almost double the previous year's figure. Two factors may have contributed to this steep increase: the portal site's brand name is very well known and it has a large number of users; and the features of the service make it prone to phishing attacks. The portal site provides useful services for which users must register an ID. When a user uses such a service, this ID is displayed to the public on the portal site. Since the user's e-mail address can easily be guessed from this ID, many phishing sites concentrated on spoofing this brand.
In this situation, the brand owner took advanced measures to address the issue. In addition, several fraudsters suspected of involvement in this fraud were arrested. Thanks to these efforts, the number of phishing sites spoofing this brand declined significantly. In turn, phishing sites spoofing a more diverse range of brands were detected from 2012 onward.
Approach and Efforts towards Phishing Attacks
One of the Japanese laws, the "Act on the Prohibition of Unauthorized Computer Access," was amended last March and came into force two months later. With this amendment, it became possible to regulate not only the fraudulent acquisition of IDs and passwords, i.e. phishing itself, but also the preparatory stages of phishing, such as setting up phishing sites and sending phishing scam e-mails.
CAPJ has continuously been working to tackle phishing attacks. It has released security guidelines on phishing and held workshops to disseminate materials on how to protect personal information from identity theft.
Furthermore, CAPJ collaborates internationally with relevant organizations such as the Anti-Phishing Working Group (APWG) and the Anti-Phishing Alliance of China (APAC) to share information globally.
We consider it important to develop a liaison network for handling phishing attacks, and raising phishing awareness among online users is just as necessary. JPCERT/CC and CAPJ, together with our local and global partners, will continue to make efforts to cope with phishing attacks.
Any inquiries are welcome, and if you happen to come across a phishing site, please contact us at info(at)antiphishing.jp or info(at)jpcert.or.jp.
- Misaki Kimura