Symantec has recently observed an English phishing email that appears to be an official notification from a credit card company affiliated with a major Japanese bank, claiming that a limitation has been placed on the email recipient’s credit card due to a violation. The recipient is asked to provide information relevant to their account.
Last year we observed a similar phishing attempt that was trying to leverage this bank’s brand. However, that email was in the Japanese language and guided unsuspecting users to a Japanese-language phishing website. This new attack starts with an English email message, but links to a site that is written in Japanese where the recipient is asked to give up personal information such as a credit card number, credit verification value, personal identification number (PIN), and validity time. The spammers address the use of English in the email—excusing themselves for sending a message in English instead of in Japanese—...
