(Page 2) AI-Driven Phishing Scams: Railway and Delivery Service Fake Websites Are Getting Harder to Spot | FRIDAY DIGITAL

AI-Driven Phishing Scams: Railway and Delivery Service Fake Websites Are Getting Harder to Spot

Introducing new-age countermeasures! More than 1.71 million cases reported last year alone!

|NEWS
  • Share on Twitter
  • Share on LINE

Two Step Authentication is also breached

Currently, many web services use one-time passwords or send authentication numbers to specified addresses as part of two-factor authentication. To bypass this, real-time phishing has been developed. Mr. Mikami, mentioned earlier, explains this using internet banking as an example:

“When a user enters their ID, password, or other information on a fake site, the information flows to a criminal group. The group immediately enters that ID and password on the real site. Then, a one-time password is sent to the user’s phone via SMS, making them believe it is a legitimate site. At this point, the user enters the one-time password on the fake site without suspicion, allowing the criminals to bypass the two-factor authentication. Since the timing of the authentication message appears normal, the user doesn’t realize they are interacting with a fake site until it’s too late.

While phishing scams have been increasing in online banking, they have recently started to appear on e-commerce sites. A case involving a fake Amazon site utilizing real-time phishing methods has also been reported.”

What can we do to avoid being tricked? Experts on phishing countermeasures unanimously agree: “It’s important to stop trying to determine if a message is real or fake.”

“With the introduction of AI, it has become nearly impossible to distinguish between real and phishing messages. Even if the email seems genuine, the rule is to avoid clicking URLs in emails or SMS messages. Even if you receive a message that seems urgent, like ‘Unauthorized access detected,’ it’s better to avoid clicking any URL in the email and instead log in via the official website or app. This is the best way to prevent damage.

It’s also important to prevent receiving phishing emails altogether. Google’s Gmail spam filter is excellent at blocking fake emails. Since you can also receive emails from other providers through Gmail, it’s a good idea to actively use it.” (Mr. Mikami)

What should you do if you accidentally open a fake message? Mr. Kanayama, mentioned earlier, explains:

“In most cases, just opening an email or URL doesn’t immediately cause harm. As long as you don’t enter personal information, you’re generally fine. However, if you use the same password across multiple sites, there’s a chance that your other accounts could also be compromised. If you do accidentally enter a password, you should immediately change it.”

If, for some reason, you enter personal information, a countermeasure table is provided for reference.

It’s nearly impossible to tell these scams apart now. Even if you’re curious, the best starting point is to avoid clicking any URLs in suspicious emails.

There is no end to the number of cases of text messages sent by short mail, which are deceptive of financial institutions. They are trying to create a sense of crisis with messages such as “Important confirmation.”
See all images (6 total)
Fake websites imitating JR East’s “Ekinet” service are also indistinguishable from the real thing. The fake websites deceive by claiming that if you don’t do anything, you will be automatically withdrawn from the membership.
Fake advertisements on social networking services that deceive users about celebrities such as Yusaku Maezawa have also appeared, from which information is extracted.

From the February 21-28, 2025 issue of “FRIDAY”

  • PHOTO Courtesy of IPA (1st to 4th photos)

Photo Gallery6 total

Featured Articles

Photo Selection

Check out the best photos for you.

Related Articles