Phishing is a fraud technique that uses fake websites, emails, and SMS impersonating real companies or organizations to steal personal and login information. The term is believed to combine "Fishing" and "Sophisticated." According to the Anti-Phishing Council, domestic phishing reports in Japan exceeded 1 million in 2023, approximately 1.2 times the previous year.
Phone number-related phishing includes multiple methods. Smishing using SMS impersonates delivery notifications or bank security alerts to direct victims to fake sites. Vishing (Voice Phishing) directly extracts personal information over the phone, increasingly combined with caller ID spoofing to impersonate banks or police. Furthermore, phone numbers obtained through phishing can escalate to SIM swap attacks, creating a chain of expanding damage.
Phishing techniques grow more sophisticated each year. Fake sites indistinguishable from real ones (URLs differing by just one character), emails using real staff names, and fake sites with SSL certificates (lock icon) mean the traditional approach of "spotting suspicious sites" is no longer sufficient.
Specific preventive measures include: never clicking suspicious links, accessing services directly via official apps or bookmarks rather than email/SMS links, setting up two-factor authentication, and using password managers (which won't auto-fill on fake sites due to URL mismatch, alerting you). The most powerful defense is adopting passkeys (FIDO2), which technically neutralize phishing since authentication cannot succeed on phishing sites. Also review bank transfer fraud prevention.