In recent times, as our reliance on technology increases, so does the threat of online cybercrimes.Online Criminals are dedicated to stealing your online personal information and identification. Important details like user IDs, passwords, credit card or bank information as well as personal information are all at risk of theft from cybercriminals. These online thieves utilize phishing emails, or fraudulent websites as their methods of attack. Whether through email or the web, cybercriminals are sophisticated in making their attacks appear as if they are legitimate websites or messages. The even utilize phishing email schemes, to appear as though they are sent from Rakuten. One real-world example of this is an email that appeared to be sent from Rakuten with the email subject “Congratulations”. These cybercriminals attempted to lure the user with a promise of a prize by inputting their personal information into a fraudulent website. These falsified websites are artistically deceitful as they are often meticulously modeled after Rakuten, utilizing Rakuten’s logo, merchandise photos and descriptions taken directly from one of Rakuten’s services. These websites even feature an e-commerce shopping basket, helping to craft the illusion they are a legitimate service. Of course, no order will ever actually ship. This occurrence becoming more and more common has made all users question the safety and security of online services.
What is their goal?
The ultimate goal of cyber criminals in phishing attacks is to steal money from our service platforms. Rakuten has an ever-growing economy, with over 90 million active users utilizing over 70 services with revenue distribution accruing to over 10 trillion yen. This huge market makes Rakuten a prime target for attempting to retrieve important user with the intent of stealing user data to make money. These cyber criminals use stolen credit card information to purchase merchandise, typically for reselling to acquire capital to expand their operations. Stolen personal user information may also be sold to other online crime organizations.
Who are these criminals?
Cybercriminals operate almost anonymously, remaining hidden from the mases, yet Cybercriminals are always recruiting. Common recruitment demographics they seek are students studying abroad or a person living in poverty. Cybercriminals always recruit and communicate discreetly through online chats, and will usually offer the promise of a reward for joining their organization. As their communication and operations are online-based, a headquarters may not exist and their presence is always unseen, causing users to be unaware of their organization structure and attack ability.
Law Enforcement Cooperation
We cooperate with Japanese police by providing phishing emails we have detected or that users have reported to us. With regard to fraudulent websites, we monitor them every day and also forward these to the police. In our commitment to work directly with law enforcement, on August 4th we will make an official contract agreement with the Tokyo Metropolitan Police Department to provide cybercrime related incident evidence and information on a continual basis. This is to protect our own services, but also to provide information that supports Japanese law compliance regarding cybercrimes. In addition, we also aid in administering anti-cybercrime training for police investigators as well as occasional classes at police academies. We believe that sharing information in this capacity will help with their ongoing investigations.
What is the expectation?
Based on the assistance we will provide, we expect Japanese law enforcement to be successful in arresting current cybercrime perpetrators, as well as prevent future attacks or incidents. Being proactive in preventing future attacks is just as important as resolving the current cybercrime issues facing us. Though cybercrime is a cat-and-mouse game, through the joint efforts of law enforcement and Rakuten, we believe this positive relationship will help to better protect Rakuten and our users.
We are committed to the fight against cybercrime. Providing secure and safe services to our users is one of our core values. Our goal is to maintain safe, incident-free services that our users can trust. We pledge to mitigate cybercrime by putting policies in place to prevent it, and detect it if a cybercrime does occur. We promise to assist our users if our services have put their online safety in question. We promise to educate our users about anti-cybercrime, as well as train our employees on cybercrime incident management. We believe all of our efforts will create a reliable and safe online service ecosystem.