Japan has a large number of Forbes Global 2000 corporations--more than the UK, Germany, and France combined. Despite this economic strength, Japan faces an alarming and growing threat from phishing attacks, which is much worse than previously assumed.
According to findings by Mailsuite, Japan is frequently targeted by phishers, particularly impersonating its major brands. Telecom firm au by KDDI, for instance, has been exploited in 18,964 phishing scams since January 2020. Another frequently impersonated brand is the Japanese payment service JCB, which has been used in 14,907 phishing scams.
Japanese specialists confirm that these findings align with other research by Cloudflare and Vade. KDDI's cell phone service name, "au," is often abused due to its similarity to the Australian ccTLD, fooling many into thinking phishing emails are legitimate. Moreover, other major brands like train company JR East and retail franchise Aeon have also seen over 10,000 verified phishing scams each.
The problem has reached such an extent that 2023 saw a record number of phishing scams in Japan, surpassing the previous annual record for unauthorized money transfers within just six months. The trend has extended into 2024 and Hisashi Arai from KDDI’s UX and Quality Department highlights the sophistication of these phishing sites, which mimic legitimate screens almost identically, making detection difficult.
Compounding the issue is the low adoption rate of DMARC by major Japanese companies, trailing behind those in the Philippines and Thailand. Japan's economic affluence, ranking third globally by GDP, makes it an attractive target for North Korean and Chinese cybercriminals. Additionally, cultural factors, such as Japan's strict adherence to deadlines, make citizens more vulnerable to phishing attempts using urgent language.
The Council of Anti-Phishing Japan’s monthly reports further underscore the severity of the situation. Additionally, a recent Cloudflare announcement listed several Japanese brands frequently targeted in phishing scams, including Mitsubishi UFJ NICOS, Rakuten, JR East, and Aeon.
The upshot is that phishing attacks in Japan are a significant and escalating issue, requiring immediate and enhanced cybersecurity measures to protect its corporations and citizens.
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!
