[2025 Latest Edition] A thorough explanation of how to identify fraudulent emails! Clever tactics and what you can do right now

"Your account has been locked" or "Regarding delivery of your package" -- have you ever been startled by an email with a subject like this?

In recent years, fraudulent email methods have become increasingly sophisticated, and the more you think you're safe, the more at risk you are.

In this article, we will comprehensively explain everything from the latest scam email methods to specific ways anyone can identify them and what to do if you are caught in an email fraud situation.

After reading this article, you too will be able to avoid being fooled by fraudulent emails and protect your important personal information and assets.

Targeting you! The latest sophisticated methods of fraudulent emails

Let's start by understanding the methods of the enemy. Criminal groups skillfully disguise themselves as services and public institutions that we use every day in order to gain our trust.

Case 1: Phishing scam impersonating a major company

Emails impersonating companies such as Amazon, Rakuten, Apple, Microsoft, major banks and credit card companies are the most classic and common scam.

  • Subject line examples:
    • "[Important] Notice regarding customer account authentication"
    • "Please update your payment information on your [Amazon.co.jp] account."
    • "An unusual sign-in was detected"

These emails prompt you to update your account or payment information and lead you to a fake login page, designed to look exactly like the real thing, with the goal of stealing your ID and password.

Case 2: Fake notification impersonating a public institution

There has also been an increase in scams purporting to be from public institutions such as the tax office, courts, and pension offices. These malicious scams take advantage of the psychological tendency to not ignore notifications from public institutions.

  • Subject line examples:
    • "Notice regarding unpaid taxes from the National Tax Agency"
    • "Important e-Tax Notice"
    • "Final Notice of Seizure"

They try to trick you into providing personal and bank account information using the pretext of a tax refund or unpaid taxes.

Case 3: Absence notification impersonating a delivery company

In this case, they pretend to be a major delivery company (Yamato Transport, Sagawa Express, Japan Post, etc.) and send an absence notification via email or SMS.

  • Subject line examples:
    • "We came to deliver your package, but you were not at home so we took it back."
    • "[Notice of Absence] Please check the delivery status of your package"

If you access the URL, you will be prompted to install a malicious app or enter personal information.

Case 4: Domain registration/renewal scams

Recently, there have been reports of fraud targeting website operators. In this case, scammers pretend to be overseas companies and try to make people feel uneasy by claiming that "a third party is trying to register a domain with the same name as your website," and then try to get them to register the domain for a high fee. In most cases, there is no evidence of such an application.

How to spot a scam email! 7 checkpoints to check

Even the most sophisticated scam emails will reveal their flaws if you look closely. If you receive a suspicious email, calmly check the following seven points.

1. Is the sender's email address really correct?

This is the most important and easiest feature to check. Don't be fooled by the display name; check the domain name after the "@".

| Status | Description | Example |
|---|---|---|
| Legitimate | The same domain as the official website ("@amazon.co.jp") is used | auto-confirm@amazon.co.jp |
| Fake | Irrelevant or confusing strings are used | info@amazon-security-center.com |
| Fake | Major free email domains are used | amazon_support@gmail.com |

If even one character is different, such as "microsoft.com" becoming "micosoft.com" or ".co.jp" becoming ".net", it's a fake.

2. Check the URL before you link

Before you click a link or button in the email body, make it a habit to always check the URL it leads to.

  • For PC: Place your mouse cursor over the link (do not click) and the actual destination URL will be displayed in the bottom left corner of the screen.
  • For smartphones: Press and hold the link and the URL will pop up.

As with the sender address, make sure the domain name of this URL matches that of the official website. Be especially careful if a shortened URL (such as bit.ly) is used.
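Checkpoints 1 and 2 as a script, added here as an example and not part of the original article: it compares the sender domain and every link host in a message with the official domain of the brand that the display name claims, and goes slightly beyond the text by using edit distance to catch one-character lookalikes. The OFFICIAL and KNOWN tables, the verdict labels and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed reference data for this example (assumptions, extend as needed).
OFFICIAL = {"amazon": "amazon.co.jp", "microsoft": "microsoft.com"}
KNOWN = {"bit.ly": "shortened-url", "gmail.com": "free-mail", "outlook.com": "free-mail"}

def edit_distance(a, b):
    """Levenshtein distance; 1 or 2 means a near-identical spelling."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host, brand):
    """Compare one hostname with the official domain of the brand the mail claims."""
    host, official = host.lower().rstrip("."), OFFICIAL[brand]
    if host == official or host.endswith("." + official):
        return "ok"
    if host in KNOWN:
        return KNOWN[host]
    if edit_distance(host, official) <= 2:
        return "lookalike"
    return "brand-in-other-domain" if brand in host else "unrelated"

def check_message(raw):
    """Return (where, host, verdict) for each sender or link host that is not official."""
    msg = message_from_string(raw)  # single-part text body assumed
    display, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    brand = next((b for b in OFFICIAL if b in display.lower() or b in sender), None)
    if brand is None:  # no known brand is claimed, so there is nothing to compare
        return []
    hosts = [("sender", sender)]
    for url in re.findall(r'https?://[^\s"<>]+', str(msg.get_payload())):
        hosts.append(("link", urlparse(url).hostname or ""))
    return [(w, h, v) for w, h in hosts if (v := classify(h, brand)) != "ok"]

# Constructed sample message, modelled on the article's fake-address example.
SAMPLE = ('From: "Amazon.co.jp" <info@amazon-security-center.com>\n\n'
          "Update your payment information: https://bit.ly/EXAMPLE\n"
          "Help: https://www.amazon.co.jp/help\n")

if __name__ == "__main__":
    print(check_message(SAMPLE))
```

The link to www.amazon.co.jp produces no finding because subdomains of the official domain are accepted, while the display name alone never makes a sender trusted.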

3. Are there any unnatural expressions in the Japanese?

When overseas fraud groups use translation software to create emails, the Japanese text often sounds strange.

  • Unnatural honorifics and expressions
    • "Your password will expire"
    • "Please log in using the link below"
    • "We have suspended your account"
  • Unnatural use of kanji
    • It contains a mixture of old characters and simplified Chinese characters that are not normally used.
  • Unnatural punctuation
    • A Western comma "," is used where a Japanese comma would normally be.
    • The punctuation is in an unnatural place.

If there's even the slightest bit of something that makes you feel unsure, suspect it's a scam.

4. Are there any words that cause excessive anxiety, such as "urgent" or "important"?

Phrases such as "Urgent", "Warning", "Your account will be locked" and "Please respond within 24 hours" are a common tactic used by scam emails to make the recipient anxious and rob them of their ability to make calm judgments.

The more important the notification, the more likely the company will try to contact you by other means than email, so first take a moment to check the official website directly.

5. The addressee is not specific

An important message from a legitimate service will usually address you by name, in the form "Dear Mr./Ms. XX". Be careful if the addressee is ambiguous, such as "To customers" or "Dear (your email address)".

This may be a sign that the same email was sent in bulk to many recipients.

6. Don't open attachments easily

Attachments disguised as invoices or notices (.zip, .pdf, .docx, .xlsx) may contain computer viruses (malware).

In particular, files with the extension ".exe" or ".scr" are executable files and should never be opened.

It is wise to ignore and delete any attachments you do not recognize, even if the file name looks legitimate.

7. Is there anything strange about the logo or design?

They are difficult to distinguish because they are created by copying real emails, but if you look closely you may find some rough edges.

  • The company logo image is low resolution and blurry.
  • The whole layout is messed up.
  • Information that should be in the footer of the official website (such as links to the company profile and privacy policy) is missing.

What to do if you click on a link in a fraudulent email?

If you accidentally click on a link or enter your information, there's no need to panic. Stay calm and follow the steps below.

Step 1: Don't panic if you just opened the email

If you simply open an email or click a link that takes you to a fake site, it is unlikely that you will immediately be infected with a virus or have your information stolen.

Don't type anything, don't download anything, and close the browser tab or window immediately.

Step 2: What to do if you accidentally enter personal information

If you have entered your ID, password, credit card information, etc. on a fake site, you need to take action quickly.

  1. Change your password immediately: If you use the same ID and password on other sites as the ones you entered on the fake site, change your password on all of those sites immediately.
  2. Contact your credit card company: If you entered your card information, immediately call the number on the back of the card and apply to have the card suspended and reissued. Also, check your statement to make sure it hasn't been used fraudulently.
  3. Set up two-factor authentication: If the service supports it, set up two-step authentication (multi-factor authentication) immediately. This goes a long way toward preventing unauthorized logins by third parties even if your password is leaked.

Step 3: What to do if you suspect a malware infection

If you open an attachment or install a malicious app, your device may be infected with a virus.

  1. Disconnect from the Internet: Isolate your PC from the network by turning off Wi-Fi or unplugging the LAN cable. This will prevent further damage and external transmission of information.
  2. Run a scan with your security software: Update your installed security software to the latest version and run a full system scan. "Windows Security" (Windows Defender) also provides high-performance scanning.
This is a lightweight yet powerful security software that I personally use.

Step 4: Report and delete the fraudulent email

To prevent further damage, report any fraudulent emails you receive as spam and then delete them completely. It is also effective to report the email to the following organizations:

Precautions and Windows security settings to avoid being scammed

Finally, we will introduce some measures to prevent future damage.

  • Use spam filters: Please enable the spam filter function of your email service (Gmail, Outlook, etc.) and set it to an appropriate level.
  • Access the official website from your bookmarks: Instead of accessing sites via links in emails, make it a habit to bookmark the sites you regularly visit in your browser and access them from there.
  • Implement two-factor authentication: Always set up two-factor authentication with financial institutions and major web services - it's one of the strongest forms of defense.
  • Keep your OS and software up to date: By enabling Windows Update and keeping your OS, browser, and security software up to date, you can prevent attacks that exploit vulnerabilities.

Summary

In this article, we have explained in detail the increasingly sophisticated methods used in fraudulent emails, as well as how to identify and deal with them. Finally, let's review some important points.

  • Seven points to spot a scam email:
    1. Check the domain of the sender address
    2. Check the URL before clicking
    3. Be suspicious of unnatural Japanese
    4. Don't let anxiety-inducing words rush you
    5. Be careful of ambiguous addressees
    6. Do not open attachments easily
    7. Look for anything strange in the logo or design
  • What to do in case of an emergency:
    • If you just click on a link, close the page immediately.
    • Once you have entered the information, immediately change your password and contact the relevant parties.
  • Precautions:
    • Set up two-factor authentication and keep your OS and software up to date.

The methods used in fraudulent emails are evolving every day, but the most important thing is to remember that if something seems suspicious, you should be skeptical.

We hope this article helps you stay safe online. Please bookmark it and share it with your family and friends.

Person who wrote this article

Driven by questions arising from my daily PC use and the desire to "do more," I have been pursuing self-study in Windows since around 2008. I am sharing the "aha!" techniques and solutions I discovered through trial and error with the sole purpose of helping you in your PC life.
