JSSEC Releases 'TOP 10 Smartphone Utilization Scene Threats 2026'
The Japan Smartphone Security Association (JSSEC) has announced the 'TOP 10 Smartphone Utilization Scene Threats 2026'. The ranking highlights Generative AI fakes, real-time phishing, and QR code scams (Quishing) as the top concerns. JSSEC urges service providers to adopt multi-layered defenses, such as Passkeys, to counter these increasingly sophisticated threats.
📋 Article Processing Timeline
- 📰 Published: May 19, 2026 at 00:00
- 🔍 Collected: May 18, 2026 at 15:31
- 🤖 AI Analyzed: May 18, 2026 at 15:34 (3 min after Collected)
On May 18, 2026, the Utilization Working Group of the Japan Smartphone Security Association (JSSEC) released its latest report, 'TOP 10 Smartphone Utilization Scene Threats 2026'.
Since JSSEC's founding in 2011, smartphones have become essential to daily life. However, fraud and exploitation methods continue to evolve. This 2026 edition was selected through workshops with member companies and public voting at the Cybersecurity Symposium Dogo 2026.
### TOP 3 Threats and Key Trends
1. **Generative AI-based Fake Video and Audio**
Generative AI can now recreate a person's voice and face in a short time, significantly increasing the persuasiveness of scams. This technology is being used in romance scams, investment fraud, and 'recruiting' scams on SNS. It also targets corporate and family impersonation to force urgent transfers or bypass KYC (Know Your Customer) processes.
2. **Phishing and Fake Emails (Real-time Phishing)**
Traditional phishing has evolved into 'Real-time Phishing,' where attackers steal not just login credentials but also authentication codes in real-time. This makes even two-factor authentication (2FA) vulnerable. AI is also used to create more natural and convincing messages in emails and SNS DMs.
3. **QR Code Fraud (Quishing)**
The rise of QR payments and contactless ordering has led to 'Quishing.' Since QR links are hard to verify visually, users may be led to malicious sites. Scammers often place fake QR codes on flyers, posters, or delivery notices to lure victims.
### Recommendations for Service Providers
JSSEC emphasizes that user vigilance alone is reaching its limit. Therefore, providers of SNS, financial, and payment services are urged to implement the following:
- **Strengthen Countermeasures Against Impersonation Ads:** Stricter screening of ads and faster response to reporting fraudulent accounts.
- **Transition to Phishing-Resistant Authentication:** Moving away from SMS codes to phishing-resistant methods like 'Passkeys'.
- **Multi-layered Security Design:** Implementing anomaly detection for logins and context-aware additional authentication.
Since JSSEC's founding in 2011, smartphones have become essential to daily life. However, fraud and exploitation methods continue to evolve. This 2026 edition was selected through workshops with member companies and public voting at the Cybersecurity Symposium Dogo 2026.
### TOP 3 Threats and Key Trends
1. **Generative AI-based Fake Video and Audio**
Generative AI can now recreate a person's voice and face in a short time, significantly increasing the persuasiveness of scams. This technology is being used in romance scams, investment fraud, and 'recruiting' scams on SNS. It also targets corporate and family impersonation to force urgent transfers or bypass KYC (Know Your Customer) processes.
2. **Phishing and Fake Emails (Real-time Phishing)**
Traditional phishing has evolved into 'Real-time Phishing,' where attackers steal not just login credentials but also authentication codes in real-time. This makes even two-factor authentication (2FA) vulnerable. AI is also used to create more natural and convincing messages in emails and SNS DMs.
3. **QR Code Fraud (Quishing)**
The rise of QR payments and contactless ordering has led to 'Quishing.' Since QR links are hard to verify visually, users may be led to malicious sites. Scammers often place fake QR codes on flyers, posters, or delivery notices to lure victims.
### Recommendations for Service Providers
JSSEC emphasizes that user vigilance alone is reaching its limit. Therefore, providers of SNS, financial, and payment services are urged to implement the following:
- **Strengthen Countermeasures Against Impersonation Ads:** Stricter screening of ads and faster response to reporting fraudulent accounts.
- **Transition to Phishing-Resistant Authentication:** Moving away from SMS codes to phishing-resistant methods like 'Passkeys'.
- **Multi-layered Security Design:** Implementing anomaly detection for logins and context-aware additional authentication.
FAQ
What is the biggest smartphone security concern in 2026?
Sophisticated impersonation using Generative AI. Even in calls or video chats, be skeptical of requests for money or personal data, as AI can mimic voices and faces convincingly.
Is Two-Factor Authentication (2FA) still safe?
Not entirely. Real-time phishing can capture authentication codes instantly. Transitioning to 'Passkeys,' which are resistant to phishing, is now strongly recommended for better security.
Is it safe to scan QR codes in public places?
Be cautious. 'Quishing'—where scammers paste fake QR codes over legitimate ones—is on the rise. Always verify the URL displayed after scanning to ensure it is the official site.