Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    August 2015
    S M T W T F S
    « Jul    
  • Email Subscription

  • About Us

    On September 27, Trend Micro researchers found phishing emails and sites pretending to be the Japanese localized site of Yahoo! Auctions. Japanese users, be warned.

    According to researchers, the said phishing mails were delivered to users with a subject title in Japanese, which when translated to English, reads “To Yahoo! Japan site users” and appearing to come from the Yahoo! Japan Support Center.

    This phishing mail pretends to be some type of user ID and password verification where the phisher intends to lead the victimized users to a site where confidential information such as Yahoo! Japan user IDs, passwords, credit card numbers, etc. can then be stolen.

    If the users click a link in the said mail, they are redirected to a webpage entitled, “Update your Yahoo! Japan ID user account,” again in Japanese.

    Figure 1. The fake site entitled “Update your Yahoo! Japan ID user account” in Japanese. The users visiting this phishing site are asked to input their passwords and credit card numbers.

    Trend Micro Web Reputation technology correctly and swiftly analyzed the danger of this site and has categorized it as a phishing site. If Trend Micro users unwittingly connect to this site, they are blocked from access and are thus safely protected.

    Figure 2. This shows that the said phishing site has been blocked by Web Reputation technology. When connecting to a specific website, Trend Micro users automatically query the reputation server to check the rating of this site.

    This phishing site is quite similar to the real Yahoo! Japan site in terms of design and layout. In fact, some of the links are connected to the legitimate Yahoo! Japan site. Therefore, any users who may hover their mouse over random links may tend to believe that the site is legitimate. The IP address, 210.188.{BLOCKED}.{BLOCKED}, further suggests that the site is located in Japan.

    Fortunately, this phishing site is currently inaccessible. (We also confirmed that it was accessible from 16:30 of September 27 to 23:00 on September 28, all in Japan time.)

    It is possible that similar phishing sites can be found to be hosted on different servers. This places Yahoo! Auction fans at greater risk as it expands the threat further. If ever you have updated your ID and password when this phishing site was accessible, once more, you had better check if your update was properly done in the legitimate site.

    We have seen several other cases targeting Japanese users by using phishing mails and websites written in Japanese. Below are some of the typical cases.

    Table 1. Just a sampling of arrests made against cybercriminals. Details can be found at the Metropolitan Police site.

    On September 6, Yahoo! Japan announced support for victimized users on such incidents that their Yahoo IDs were used illegally, etc. Users can even refund the amount lost in valid cases of fraud.

    While this is good news, the most important thing is to protect against being victimized by this kind of attack.

    Yahoo! Japan also has the particular pages devoting to best practices on how users can protect themselves from such auction-related fraud and troubles, at Yahoo! Security Center and Self-defense techniques on the auction sites. Japanese Yahoo! Auctions fans are encouraged to take time to read these reminders.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon

    Comments are closed.


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice