290.1 million IDs and passwords <> million email addresses seized on PCs

Highlights: Kanagawa Prefectural Police found 290.1 million IDs and passwords, as well as <> million email addresses. It is extremely unusual for such a large number of information to be confirmed from the seized items. The police have re-arrested the company executive who is believed to be the supervisor and is analyzing the information and investigating the route of obtaining it. "Phishing scam" is considered to be one of the routes through which a large. number of IDs and password have been leaked.

[NHK] In the case of unauthorized use of smartphone payment services, the Kanagawa Prefectural Police Headquarters examined the computers of the Chinese group arrested and found that 290.<> million ...

When the Kanagawa Prefectural Police Headquarters examined the computers of a group of Chinese people arrested in the case of unauthorized use of smartphone payment services, they found that 290.1 million IDs and passwords, as well as <> million email addresses, were stored. It is extremely unusual for such a large number of information to be confirmed from the seized items, and the police have re-arrested the company executive who is believed to be the supervisor and is analyzing the information and investigating the route of obtaining it.

In the case of unauthorized use of smartphone payment services by a Chinese group, the Kanagawa Prefectural Police Headquarters rearrested Hu Okibo (30), a Chinese company executive living in Tokyo who is believed to be the group's leader, on suspicion of violating the Unauthorized Access Prohibition Law by illegally logging into another person's account.

He denies the charges.

According to the police, three computers confiscated from Hu's home revealed that 1,3 credit card information and 1.7000 million IDs and passwords, including those of payment services used in the country, were stored.

In addition, 290 million email addresses were stored.

There is also a phishing program stored on the computer, and the police suspect that they sent a large number of phishing emails and stole passwords and other information.

It is highly unusual for so many email addresses, IDs, and other information to be identified from the seized items, and the police will continue to analyze the stored information and investigate how it was obtained.

The composition of the case is

The Kanagawa Prefectural Police have arrested a total of 11 Chinese men and women so far.
This is the composition of the case known so far.

Hu, who is believed to be the supervisor, used the ID and password obtained to illegally log in to another person's account and obtain a barcode to use for payment.

It is believed that the image of the barcode was sent to the members who coordinated the execution role on SNS.

After that, the barcode was passed to the "buyer", who used the barcode to purchase heat-not-burn cigarettes at convenience stores.

It seems that heat-not-burn cigarettes were exported to China and then resold.

Is one of the leak routes a "phishing scam"?

"Phishing scam" is considered to be one of the routes through which a large number of IDs and passwords have been leaked. In recent years, it has increased rapidly and the modus operandi has become more sophisticated.

Ritsu Shinoda, president of the information security company Southplume, explained his recent clever tricks and precautions based on an email he received.

An email claiming to be a major flea market app.

It is written to click the URL in the email in the campaign to receive points worth 3000 yen.

The campaign period and conditions are also written, and at first glance it looks genuine.

However, this is a fake "phishing email", and if you believe the content and click the URL, you will be directed to a fake site that looks exactly like the real thing, and if you enter your ID and password, your information will be stolen.

In order not to be deceived by such clever emails, Shinoda pointed out that the key points are to "check the sender's email address" and "log in from the official website or app".

Confirm the sender's email address

The phishing email sent to Mr. Shinoda was @より右側のドメインと呼ばれる部分の末尾が. cn".

「. cn" is a domain that is often used in China, and as a result of Shinoda's research, it was sent from a server in China.

However, Japan is widely used in the country". JP" phishing emails and emails from addresses similar to the name of the provider of the service are also increasing.

In addition to confirming that the address is legitimate, Shinoda wants you to contact the business operator by phone or check the official website of the business operator for correct information.

Log in from the official website or app

There are also fake login screens that look just like the real thing in some phishing emails.

Even if Shinoda receives an email claiming to be a service of a domestic business operator that he uses, he urges people to avoid clicking on the URL immediately and to log in from the official website or app.

Mr. Shinoda says, "E-mail addresses may be leaked, so even if you receive an e-mail with important content, be sure to check with the business operator by phone, and companies also need to understand that customer information that could be misused for crimes is being sold in cyberspace, and proceed with information collection and response."

"Phishing" nearly 5 times in 50 years

According to the Anti-Phishing Council, which is formed by private businesses such as credit card companies, the number of reports of phishing scams has increased nearly 2018 times in five years, from about 2,2019 in 5 to about 5000,2020 in 22, about 2021,52 in 1, about 96,5 in 50, and about 1,330 in one year last year.

Along with the increase in phishing scams, fraudulent use of credit cards has also increased sharply, and according to a survey by the Japan Credit Association, the amount of damage in one year has reached more than <> billion yen.

Recently, there have been various and sophisticated methods such as pretending to be a courier's absence notice or pretending to be the National Tax Bureau, and the council warns people not to click on the URL if they receive an email or text message asking them to log in to the site.

Black market = also available from the black market

In addition to phishing, the black market on the Internet = black market may have been obtained by the criminal group to obtain IDs, passwords, and email addresses.

Ritsu Shinoda, president of Southplume, an information security company in Tokyo, points out that a lot of information such as user IDs, passwords, and email addresses is bought and sold on the black market = black market.

With the cooperation of Mr. Shinoda's company and overseas companies, we actually investigated the status of transactions on the black market.

One of the black markets discovered by the research group was exchanged on highly confidential social networks with the names of several payment services used in the Japan.

And there were posts such as "We will sell email addresses used in Japan in hundreds of thousands of units."

I found out that programs that allow you to check the payment services that the person usually uses from their email address are also being bought and sold.

In addition, in some cases, the black market sold information purporting to be a user's ID or password, as well as a photo of a driver's license or a mobile phone number.

According to Mr. Shinoda, IDs and passwords are traded at a higher price than email addresses.

Information security company "South Plume" President Ritsu Shinoda

President Shinoda talks about the reality of transactions on the black market, saying, "There are cases where millions or tens of millions of information are being traded at once, and recently we have confirmed posts selling 1000 million login information that is thought to have been leaked due to a virus."