Gen, a global company with trusted brands such as Norton and Avast, has released its "2026 Q1 Threat Report Japan Edition" (January-March 2026). The report reveals an expansion of "social engineering attacks" in the Japanese market, which exploit human psychology and behavior, including phishing attacks, technical support scams, fake e-commerce sites, and SMS scams. Phishing attacks, in particular, doubled compared to the previous quarter, with over 10.68 million attacks blocked.

Attacks targeting Japanese users were also confirmed, including technical support scams via manga and anime distribution sites, fake shopping sites impersonating Rakuten, and SMS scams targeting Android devices.

Attackers used warning displays mimicking legitimate services like Rakuten and Amazon, pages with discounted products, and suspicious links across browsers, SMS, online shopping, and video/manga/anime distribution sites to trick users into entering credentials, clicking links, making phone calls, or entering payment information.

Phishing Attacks Surge, Remaining a Major Threat to Consumers

Phishing attacks continued to be the most frequently observed attack method targeting Japanese consumers. In phishing attacks, users are presented with login screens indistinguishable from those of trusted services and are redirected to slightly different domains, leading to the theft of credentials such as IDs and passwords. In Q1 2026, 10.68 million phishing attacks were blocked, protecting 2.23 million users. This is an approximate doubling from 5.56 million in the previous quarter.

While 80% of attacks were observed in Windows environments, attacks targeting mobile environments are also increasing, with 1.24 million phishing attacks confirmed on iOS devices alone. Phishing attacks not only steal personal information but also often serve as an entry point for subsequent account takeovers and financial fraud, making them a threat that requires continued vigilance.

Technical Support Scams Targeting the Japanese Market Increase by 145%

Technical support scams, which display warning screens such as "Your device is infected with a virus" and prompt users to contact them by phone or allow remote access, also saw a significant increase. In Q1 2026, 1.15 million technical support scams were blocked, a 145% increase compared to the previous quarter.

These attacks use full-screen warnings, alert sounds, and screen designs mimicking Windows to incite user anxiety and hinder calm judgment. When users call the displayed number, cases have been confirmed where they are asked to install remote access software or pay for unnecessary support services.

Furthermore, this investigation confirmed organized attack campaigns targeting Japanese users. Attackers exploited pirated content sites, manga viewing sites, anime distribution sites, and file-sharing sites, using Japanese content for their lures.

Fake Shopping Sites Increase by 67%, Attacks Impersonating Rakuten Also Confirmed

Fake shopping sites targeting online shoppers are also on the rise. These sites have an appearance indistinguishable from legitimate e-commerce sites and lure users by listing products at 30-50% below market price. However, not only do the products fail to arrive, but there is also a risk of stolen credit card information and other entered data. In Q1 2026, 1.96 million attacks related to fake shopping sites were blocked, a 67% increase compared to the previous quarter. The trend of targeting mobile shopping users is also strengthening, with over 500,000 iOS users alone becoming targets.

Further investigation revealed that web domains used in such attacks included specific brand names like Rakuten, confusing users' judgment.

SMS Scams Targeting Android Users Surge

Scams via SMS are also rapidly expanding. In Q1 2026, SMS scams targeting Android users, disguised as survey responses, increased by 6,637% compared to the previous quarter, and SMS scams falsely claiming lottery wins increased by 3,056%. Confirmed messages included content mimicking everyday messages such as LINE winning notifications, bank account usage restrictions, delivery notifications, and shopping-related information.

SMS is a communication method with high usage frequency and where users tend to have lower vigilance, making it an effective attack vector for attackers. Attacks are particularly confirmed on Android devices, making it crucial to carefully check the sender and content before opening links.

Malware Threats Exceed Scams, General-Purpose Infostealers Increase by 270%

According to Gen's Cyber Safety Research team, while social engineering attacks are expanding, malware, which tends to cause more severe damage, is also surging. In Q1 2026, Japan saw significant increases in multiple malware categories, including spyware (+419%), worms (+414%), general-purpose infostealers (+270%), and droppers (+164%).

These threats are not as conspicuous as scams, but once a device is infected, credentials, personal information, and financial information can be continuously stolen. Furthermore, there is a risk of device operations being monitored, granting attackers access to the device, or having additional malware installed.

General-purpose infostealers, in particular, are used as an entry point for unauthorized access and financial fraud by cybercriminals, as they steal saved passwords, cookies, and cryptocurrency wallet information without the victim's knowledge. In Q1 2026, 30,377 infostealers were blocked, with over a third of these targeting mobile devices. This represents a 270% increase from the previous quarter. These attacks aim to secretly steal saved passwords, browser sessions, and credit card information, characterized by users being unlikely to notice any anomalies.

General-purpose infostealers act as a "bridge" connecting the damage from today's phishing attacks to future fraudulent transfers and account takeovers, posing a threat that cannot be ignored in the Japanese market.

About Gen

GenTM (NASDAQ: GEN) is a global company that drives digital freedom through trusted consumer brands like Norton, Avast, LifeLock, and MoneyLion, dedicated to improving personal financial services and providing cyber safety in the digital society. Gen empowers individuals to navigate their digital lives safely, positively, and with peace of mind. Gen offers award-winning products and services in cybersecurity, online privacy, and identity protection to approximately 500 million users in over 150 countries. For more information, visit GenDigital.com.

About Gen Threat Labs

Gen Threat Labs is Gen's cyber safety research team that identifies and analyzes the latest digital threats and scams worldwide. Based on data, research, and technical expertise, it visualizes the risks of the evolving cyber landscape and provides insights that support the security technologies of brands such as Norton, Avast, and LifeLock.

FACT BOX

  • Source: PR TIMES
  • Category: サイバーセキュリティ
  • Organizations: Gen / MoneyLion / Amazon