JPCERT-AT-2007-0009
JPCERT/CC
April 3, 2007

<<< JPCERT/CC Alert 2007-04-03 >>>
Phishing frauds targeting Japanese financial institutions
http://www.jpcert.or.jp/at/2007/at070009.txt

I. Overview

JPCERT/CC received multiple reports last month that phishing sites targeting Japanese financial institutions (banks and consumer finance companies) have been observed. Such sites may stay up for a long time before they are closed down, because they are often hosted on overseas servers. Care should therefore be taken when accessing URLs in emails that appear to have been sent by a financial institution.

II. Solution

Because phishing sites cannot always be closed down quickly, individual users of online services should take their own steps to prevent damage from phishing. As precautionary measures against phishing attacks, users should not open suspicious emails, access suspicious websites, or enter personal information on suspicious websites.

Server administrators are advised to recheck their security measures so that their hosts are not broken into and used as phishing sites.

The points to be noted by users of online services and by server administrators are listed below:

**********************************************************************
[Users of online services]

Users of online services, such as online banking, should be more careful by taking the following points into account:

(1) Be careful when you receive a suspicious email

    Never carelessly click on URLs in a suspicious email you have received. Users can get infected by viruses or spyware simply by visiting a malicious website.

(2) Check the domain name of the website you are going to access

    Check whether the domain name of the website is actually owned by the organization it claims to be. It is important to verify the domain name through non-web means, such as by telephone or by matching it against the domain name printed on your user card. Be careful when checking a domain name with a search engine, because phishing sites can be ranked high in search results.

(3) Check the security of the website before entering any information

    Before you enter personal information into a form on a website, make sure that the website is a reliable one. For more information, refer to the following website:

    Security for Beginners
    Do not access a website whose security has not been confirmed
    http://www.jpcert.or.jp/magazine/security/illust/part1.html#07

**********************************************************************
[Server administrators]

Many cases have been reported in which systems compromised through password brute-force attacks were then used as phishing sites. Please reconfirm the following points:

  - Whether user accounts with no password exist
  - Whether weak passwords exist
  - Whether unnecessary user accounts exist

In addition, users are recommended to change their passwords on a regular basis. Deploying authentication methods other than passwords is also effective.

    Security for Beginners
    Set "good" passwords and change them regularly
    http://www.jpcert.or.jp/magazine/security/illust/part1.html#03

For other measures, refer to the following document:

    Alert on Servers Used as Phishing Sites
    http://www.jpcert.or.jp/at/2005/at050002.txt

III. If you find a phishing site

JPCERT/CC is working to ascertain the current state of phishing related to these incidents and to formulate future countermeasures. JPCERT/CC also accepts incident reports regarding phishing sites. For incident reporting, please use the following format:

    Incident report notifications
    http://www.jpcert.or.jp/form/

    FAQ regarding responses to phishing
    http://www.jpcert.or.jp/ir/faq.html

IV. Reference Information

    Security for Beginners
    Methods of phishing and other frauds
    http://www.jpcert.or.jp/magazine/security/illust/part2.html#07

    AntiPhishing Japan
    Five tips to avoid becoming the victim - STOP! Phishing Frauds
    http://www.antiphishing.jp/gokajou.html

If you have any information regarding this matter, please contact us.

======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: 03-3518-4600
FAX: 03-3518-4602
http://www.jpcert.or.jp/
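The server-administrator checklist in section II (accounts with no password, weak or stale passwords, unnecessary accounts) can be audited from a shadow-format password file. The script below is an added example, not part of the JPCERT/CC alert; it assumes a Linux-style /etc/shadow layout and uses a constructed sample file with placeholder hashes.

```shell
#!/bin/sh
# Added example: audit a shadow-format file for the checklist items in the alert.
# Assumed field layout (Linux /etc/shadow):
#   name:password:lastchange:min:max:warn:inactive:expire:reserved
# On a real host, run the functions against /etc/shadow as root, e.g.
#   empty_password_accounts /etc/shadow

# Accounts whose password field is empty: anyone can log in without a password.
empty_password_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Accounts that can actually authenticate with a password, i.e. the field holds a
# hash rather than a lock marker ("!", "!!" or "*"). Review this list for accounts
# that are no longer needed (former staff, test users, unused service accounts).
password_enabled_accounts() {
    awk -F: '$2 != "" && $2 !~ /^[!*]/ { print $1 }' "$1"
}

# Password-enabled accounts whose password is older than $2 days.
# $3 is "today" as days since the epoch (shadow stores lastchange that way);
# pass $(( $(date +%s) / 86400 )) on a live system.
stale_password_accounts() {
    awk -F: -v max="$2" -v today="$3" \
        '$2 != "" && $2 !~ /^[!*]/ && (today - $3) > max { print $1 }' "$1"
}

# Constructed sample file for demonstration; the hashes are placeholders, not real.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
root:$6$PLACEHOLDERroot:19050:0:99999:7:::
daemon:*:19000:0:99999:7:::
test:!:19000:0:99999:7:::
guest::19000:0:99999:7:::
www-data:*:19000:0:99999:7:::
oldintern:$6$PLACEHOLDERintern:18000:0:99999:7:::
EOF

echo "Accounts with no password:";        empty_password_accounts "$SAMPLE"
echo "Password-enabled accounts:";        password_enabled_accounts "$SAMPLE"
echo "Passwords older than 90 days:";     stale_password_accounts "$SAMPLE" 90 19100
```

Accounts flagged by the first function should be locked or given a password immediately; the other two lists are the starting point for removing unneeded accounts and rotating old passwords.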