
Internet fraud takes a turn for the strange

Two widely reported Web stories this year have been related to online-services fraud. One concerns online banking, the other account-hacking on a smartphone messenger service.

If you use the online services of Japanese banks, you may have noticed that their websites have become decorated with more and more vivid red and yellow cautions. One I’ve seen even features a nostalgic horizontally scrolling marquee and blinking text, taking me back to the 1990s. These warnings are intended to remind users to check that the site they are using is genuine — though, amusingly, the out-of-date banners themselves make the sites look rather fishy.

The methods of the real fraudsters are nothing new. They make a site copying that of the online bank, send emails randomly to millions of addresses and wait for someone stupid enough to click the link to the fake site and enter their username and password. These can then be used by the charlatans to access the real account and transfer the victim’s money elsewhere.

According to a National Police Agency report, the amount of funds embezzled in this way increased fivefold from the first half to the latter half of 2013.

When opening a website, it can be hard to tell simply from the design of the page whether it is real or fake, as websites are easy to copy. One tip is to check the browser’s address bar to see whether the connection is secured: The URL should begin with “https,” and many browsers also display a lock icon. You can also open the site’s HTTPS certificate to check whether it shows the valid organization name.

Some banks offer other countermeasures, such as one-time password generator gadgets, or a free virus-checker program that can check whether the site you are visiting is real. However, these will not save users who are already visiting a fake site, because the fake site can forward the user’s one-time password to the real site, or offer a fake virus-checker program.

According to a press release issued by the police on Sept. 4, targets of online bank fraud are expanding from mega-banks to regional banks, and shifting from personal accounts to corporate accounts. Although online bank services for companies have stricter security procedures, it seems the higher limits of corporate-account transactions are more attractive to criminals.

In June, reports by NHK, Nikkei and other mass-media outlets made fraud over popular messaging service Line a big story. Line is one of Japan’s most popular social networks, and fraudsters took advantage of this, hacking into users’ accounts and then asking their friends to send money or digital vouchers.

Line users may receive strange messages from a “friend”: “Are you busy? Could you do me a favor?” The conversation veers toward the friend asking for help with a fund transfer or purchase, such as WebMoney credit or an iTunes voucher. Thinking they are helping a friend, users buy the item and send the digital code required to redeem it — after which the friend promptly disappears.

Police say that such scams have fooled victims in several prefectures.

Line announced that there are no signs that its service has been cracked or the passwords leaked. It seems likely that those hijacked users had used the same password on other services, and that the leaks came from there.

Tech-savvy Line users who realized they were being targeted had fun baiting the con artists, reporting their conversations over Twitter as they pretended to be deceived, or making honey-pot websites to capture evidence and catch the culprits. Believing the criminals to be from China, some users made derogatory comments in Chinese to wind them up.

As the fraudsters’ common opening gambits became widely known, some misguided Line users jokingly mimicked them in messages to their real friends, before being locked out of the service after their friends reported the messages as suspect.

Even more amusingly, one suspect accidentally sent his target a document containing a complete manual of fraud, including a long list of sample questions and answers with commentaries in Chinese.

The Japanese text in the manual contains broken grammar that just about makes sense but does not quite seem natural for a native speaker, which should have given the swindlers away immediately. But these days we all use strange language in the short messages we write on social networks, so it’s understandable that people were deceived.

It’s easy to poke fun at a story like this, but the reality is that many people have been deceived, and the criminals behind the scam will be improving their manual even as you read this. If you get a strange message from a friend on Line or another social network, I suggest you give them a call to make sure they are who they say they are.

Akky Akimoto is a Japanese blogger for Asiajin and Cybozu. His Twitter @akky has about 120,000 followers.