Cybersecurity firm Symantec reported the campaign, which uses emails titled “Yodobashi.com: ‘Customer Information’ Change Request Notification” to trick recipients into visiting fake login pages. A new wave of phishing attacks impersonating Japanese electronics retail giant Yodobashi Camera has emerged, leveraging urgency and brand trust to steal customer credentials. Embedded links redirect users through multiple domains, including compromised websites and cloud-hosted pages, before landing on a spoofed Yodobashi login portal designed to harvest usernames, passwords, and payment details. The phishing emails, sent to Yodobashi customers since mid-February 2025, claim that the recipient’s account information has been altered and urge immediate verification. In April 2020, attackers impersonated the retailer’s membership portal, directing victims to domains like yodobashi.mwc.[恶意域名].cn to steal credit card data. The attacks highlight evolving tactics in social engineering, including multi-stage redirects and exploitation of security tools to mask malicious intent. Zscaler’s 2025 predictions warn of AI-generated content tailoring scams to individual victims, while “browser-in-the-browser” attacks mimic legitimate login windows. For instance, subdomains now include Japanese-language strings (e.g., soumui, referencing Japan’s Ministry of Internal Affairs) to enhance credibility, a tactic previously observed in jp-domain phishing schemes. Links in the emails route through benign-looking intermediary pages, such as PDF hosting sites, before reaching the phishing portal. With 942 GB of data stolen from Japanese automotive supplier HARADA INDUSTRY in a separate Qilin ransomware attack, businesses must prioritize employee training and AI-driven threat detection. Notably, the campaign employs Symantec Click-Time URL Protection, a legitimate security service, to disguise malicious links. Yodobashi customers are currently advised to treat unsolicited account alerts with caution; a moment of skepticism could prevent irreversible financial and reputational damage. As phishing tactics grow more sophisticated, consumer vigilance and industry collaboration remain pivotal in curbing digital fraud. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. This tactic mirrors a 2024 phishing operation that abused Symantec’s URL rewriting tools to bypass email filters. Yodobashi Camera has been a repeated phishing target. The Yodobashi campaign aligns with these trends, utilizing dynamically generated IDs and localized lures to lower suspicion. Attackers registered domains like yodobash.curtain-[恶意域名].com, combining legitimate brand terms with randomized strings to avoid blacklisting.
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 27 Feb 2025 14:15:16 +0000