Please select a language

Please select the country/region where you would like to introduce your business.

Contact Us
Contact Us

Please select a language

Please select the country/region where you would like to introduce your business.

Knowledge How Do Today's Sophisticated Phishing Emails Trick Users? Learning from Real Cases to Build Future Security Measures


How Do Today's Sophisticated Phishing Emails Trick Users? Learning from Real Cases to Build Future Security Measures

In recent years, cyberattacks targeting companies have continued to increase, and among them, “phishing emails” have become especially sophisticated and advanced. In the past, many could be identified by broken language or poor design, but today’s phishing emails feature correct language, precise brand imitation, and convincing layouts—so polished that they are nearly indistinguishable from genuine emails.

In this column, we introduce recent examples of advanced phishing emails and explain how the threat structure cannot be fully prevented by conventional “user education” alone. We also discuss the importance of technical signals that IT departments should focus on, such as “email routing.”

Key Points of This Column

  • Sophisticated phishing can no longer be judged by content or appearance alone.
  • In case studies, irregularities in the email transmission route were an important factor in determining that emails were phishing.
  • Companies are now required to implement not only user education but also technical, multi-layered defense measures.

1. Examples of Advanced Phishing Emails

This column introduces extremely sophisticated phishing emails that were actually received on March 6, 2025. These emails had spoofed display names and sender information and were written in extremely natural Japanese. In addition, they precisely imitated the logos and designs of well-known Japanese brands, making them difficult to identify as fake even for users with high IT literacy.

Example 1: “3D Secure Authentication Update” Email Impersonating a Major Card Company

Email Content

This email claimed to be from a well-known Japanese card company and requested the recipient to “urgently update their 3D Secure authentication to strengthen security.”

Key Points of This Technique

By using an official logo and natural Japanese, the email increases credibility while creating a sense of urgency to prompt immediate action.

  • Natural Japanese:
    Polite and natural wording that appears as if it was written by a Japanese employee.
  • Design imitating an official notification:
    Uses an official logo and a layout comparable to a genuine notification email.
  • Abuse of trust:
    Exploits an actual brand that has many users in Southeast Asia.
  • Creating anxiety:
    Uses wording such as “If you do not update by the deadline, your card usage will be restricted,” increasing the recipient’s anxiety and triggering immediate action.

Attacker’s Objective

The attacker’s ultimate goal is to steal 3D Secure authentication information, such as IDs and passwords. They make recipients believe they are accessing a legitimate official website, direct them to a fake authentication page, and steal the information entered there.

Example 2: High-Urgency Email Disguised as a “Usage Notification” for 105,690 Yen

Email Content

This email was disguised as an automated notification stating that “a card transaction of 105,690 yen has occurred.”

Key Points of This Technique

By presenting a high-value charge, the email induces psychological panic in the recipient and leads them to click.

  • High-value charge:
    Presents an unfamiliar high-value charge of “105,690 yen,” causing the recipient to become alarmed.
  • Skillful guidance:
    Encourages the recipient to click a link with wording such as “If you do not recognize this transaction, please check via the link below,” making the link appear to be the only means of confirmation or cancellation.

Attacker’s Objective

The attacker aims to steal authentication information and card-related information for unauthorized card use. They use the information entered by recipients who click the link in panic.

2. Common Issue: The Limits of Judging by Appearance

What these examples have in common is the fact that it has become extremely difficult to determine whether an email is genuine or fake based only on its content or appearance.

When employees are busy with daily operations, it is not realistic to carefully verify the authenticity of every email they receive. Furthermore, because the writing is natural and the brand logos are reproduced with high accuracy, even users with strong security awareness may mistakenly trust such emails.

We must recognize that we have already entered an era in which phishing can no longer be detected based only on the content of emails.

3. The Decisive Factor in the Analysis Was Visualization of Email Routing

So how did the IT department identify these sophisticated emails as phishing? The decisive factor was technical information invisible to users, especially analysis of the “email delivery route,” or routing. This information is not normally something users can check in their email software; it can only be understood through specialized checks such as email header analysis.

Irregularities Common to the Two Phishing Emails

Although the emails impersonated Japanese brands, the initial sender was overseas—in China. In the context of an email received at an office in Indonesia from a Japanese brand, a route originating from China and passing through multiple countries would be extremely unusual.

In addition, while ordinary emails usually pass through around three to four servers, these emails followed complex routes passing through five to seven servers. The normal number of hops can vary depending on environmental factors such as forwarding settings, gateways, and cloud service usage. What matters is not simply whether the number is high or low, but whether it is unusual compared with the company’s normal baseline.

Why Routing Information Is Important

Email routing information can serve as a new layer of defense that does not rely solely on user education. There are three reasons for this:

  • Even if an email looks normal in appearance, it can be judged based on objective evidence such as routing anomalies.
  • IT departments and security personnel can detect anomalies without waiting for user reports and quickly begin investigation and initial responses such as issuing alerts.
  • By adding technical analysis rather than relying only on traditional user education, companies can build a stronger defense structure through multi-layered protection.

Related Column

Complete Guide to Email Security Measures: A Thorough Explanation of the Latest Threats and Essential Countermeasures

Email Security Guide: Latest Threats and Countermeasures

Related Service

Cloud-based targeted email attack countermeasure service Active! zone SS

Cloud-based targeted email attack countermeasure service

4. Always Use Official Information, Not Links, for Verification

If you receive an email that may be phishing, the golden rule is not to click links in the email, but to verify it yourself through the official website.

In fact, financial institutions and card companies often publish warnings about phishing emails on their official websites. By comparing the received email with such official information, you may be able to determine whether it is a phishing email.

Establish Verification Rules as Internal Company Policy

Measures that users can easily take should be formalized as internal rules and thoroughly enforced. This will help prevent damage caused by phishing emails.

Example Internal Rules

  • Never click links in emails.
  • Log in yourself through bookmarked official websites or official apps to check information.
  • If anything is unclear, use the legitimate contact information listed on the official website, such as a phone number or inquiry form.

5. Summary: How Should Companies Respond?

Modern phishing emails now commonly use fluent language and high-precision brand imitation. Even at overseas locations, including those in Indonesia, large volumes of Japanese-language phishing emails targeting Japanese people are being received.

Under these circumstances, companies should take the following measures:

  1. Continue user education and awareness activities while recognizing that there are limits to what these measures alone can prevent.
  2. Utilize technical information invisible to users and introduce mechanisms that detect and filter suspicious emails on the system side.

Phishing emails can no longer be fully prevented by user awareness alone. Moving away from a system that depends on individual caution and building a multi-layered defense structure that combines technical approaches is the key to protecting companies from the ever-evolving threat of phishing.

If you have concerns such as “I am worried about my company’s email security” or “I want to learn more about the latest phishing countermeasures,” please feel free to consult KDDI Indonesia.

We provide comprehensive email security solutions, including “Active! zone SS,” which enables visualization of email routing.

Related Services

Supervisor

Shohei Hara(原 匠平)

Joined KDDI Corporation as a new graduate in 2019. Worked in corporate sales for five years.
Mainly for foreign-affiliated companies and domestic manufacturing companies, engaged in proposing ICT solutions including networks and cloud services.
Since 2024, seconded to KDDI Indonesia. As a sales representative, provides SI support for Japanese companies expanding into Indonesia and is also in charge of marketing activities.

Do you need more information?

Key Points for Security Measures at Overseas Locations

Key Points for Security Measures at Overseas Locations

Connect with KDDI consultants for inquiries and quotations.

Related Knowledge Articles