Found a phishing URL? Shut it down instantly with one click. No contracts, no waiting—take control & DX your anti-phishing now! 🚀 Learn More

Phishing Scams Targeting Public Institutions and Municipalities: Domestic Phishing Cases 2025

Phishing Scams Targeting Public Institutions and Municipalities: Domestic Phishing Cases 2025

Feb. 26, 2025

This report details phishing scams targeting public institutions and local governments in Japan in 2025. Damage caused by support fraud and unauthorized access using remote control software is expanding. Specific examples and effective countermeasures are introduced.

    Table of Contents

In February 2024, the Fuefuki-shi Chamber of Commerce and Industry in Yamanashi Prefecture was seriously affected by a support scam. While browsing a website, a staff member was presented with a fake warning screen stating that the site had been infected with a Trojan horse, and contacted a phone number on the screen. Under the instructions of a scammer posing as a Microsoft employee, remote control software was installed on two business computers. As a result, a total of 10 million yen was illegally transferred from the Shokokai's bank account.

Furthermore, since the remotely operated computers were able to connect to a server that stored personal information, it has been pointed out that the personal information of approximately 2,000 individuals may have been leaked.

In response to this incident, the Fuefuki-shi Shokokai has taken the following measures to prevent recurrence.

  1. Reinforcement of information security education for staff: Raise security awareness of staff through continuous education.
  2. Review of online banking operation system: Enhance security by introducing two-step authentication, etc.
  3. Improve the network environment: Review the system to improve the security environment.

Public institutions and municipalities tend to be attractive targets for attackers due to their high reliability. For this reason, there is an urgent need to strengthen measures throughout the organization, such as raising security awareness among staff and implementing multilayered system defenses.

    Table of Contents