TOKYO (TR) — Tokyo Metropolitan Police are investigating a massive fraud ring that has siphoned approximately 1.3 billion yen from corporate bank accounts across Japan since last month using an automated phone scam known as “voice phishing,” reports NHK (June 28).
Investigative sources revealed that the perpetrators are targeting companies that utilize the internet banking services of major financial institutions.
The sophisticated scheme begins with an automated phone call pretending to be from a bank. The automated voice falsely informs corporate employees that a “computer update is required,” tricking them into providing their direct contact details.
Under the guise of enhancing cybersecurity, the scammers then manipulate the employees into installing remote-control software on their work computers. Once the software is active, the fraudsters send a link to a fake banking website, prompting the victims to enter their account information and passwords.
The criminals then use the remote-control software to bypass security measures and initiate massive unauthorized wire transfers.
Individual companies have been fleeced of more than 100 million yen
Since last month, more than 30 companies nationwide have fallen victim to the scam, with total damages reaching 1.3 billion yen. In some extreme cases, individual companies have been fleeced of more than 100 million yen.
Tokyo police suspect that the crime syndicate is specifically targeting corporate accounts because they carry significantly higher daily transfer limits compared to personal accounts.
This latest wave of cybercrime follows a similar string of voice phishing incidents that began around November last year, which primarily targeted small and medium-sized enterprises using regional banks.
The National Police Agency and major banks are urging businesses to remain on high alert. Authorities advise employees who receive suspicious calls to hang up and independently verify the inquiry by contacting their local bank branch directly. They also warn users to only enter account credentials through official banking apps and verified websites.
