The Japan Times reported that the Japan Cybercrime Control Center has raised the alerts for cybercrimes in Japan, triggered by hackers taking advantage over fear and certainty due to COVID-19. Criminals are capitalizing on fear to lure victims into elaborate traps and hackers are reaching out to victims via hoax and phishing emails.
Many instances are being reported about hoax emails with offers for free surgical masks, which are in short supply. For instance, one message in Japanese says: “Pneumonia caused by the new Coronavirus is a problem that is spreading. We’ve sent you free surgical masks. Please confirm.”
Hackers are sending these email messages to Japanese consumers and the messages even promise home deliveries. Most Internet users in Japan access email on their mobile phones and could click on these malicious links impulsively to trigger an attack on their devices.
Such mails have a hyperlink that the recipient is encouraged to click. Clicking on the hyperlink takes the recipient to a seemingly legitimate website, where they are asked to install an app. This will make the phone vulnerable to hackers, enabling them to steal their Apple ID and password, and perhaps even their credit card details.
The Japan Cybercrime Control Center also received reports from people who were trying to buy face masks online but were instead redirected to fake shopping sites designed to look like legitimate sites. However, when they ordered the masks and paid for those, the masks were never delivered. The fake sites also collected their personal information and credit card details.
The earliest phishing scams related to COVID-19 that targeted some regions in Japan were discovered by IBM X-Force researchers at the end of January 2020.
The Emotet Malspam
The earliest phishing emails in Japan were discovered at the end of January 2020. Analysts from IBM X-Force and Kaspersky along with infosec community discovered attempts to spread the Emotet Trojan and other malware using phishing emails. The experts found that Emotet operators used previously compromised account templates to target potential victims for the Emotet malspam campaign.
According to IBM, the attackers seem to be geo-targeting the email content and language to inflict fear among audiences in these areas, thus, making them more likely to click on the malicious attachment. One of the malspam emails said that the Coronavirus had been detected in the Gifu region of Japan, while another mentions Osaka. A few of these emails also have a footer that mentions a legit address, as well as phone and fax numbers of disability welfare service providers and public health centers in the surrounding areas.