Japan’s cybersecurity watchdog has warned ministries and agencies of a scam in which perpetrators register false email addresses, similar to official government ones, in the hope they receive mails with mistyped addresses, officials said Tuesday.
The government has confirmed that five emails were sent in fiscal 2018 to such addresses though none of them contained classified information, the officials of the watchdog said.
The “typosquatting” scam sees perpetrators set up an address similar to an official government email address.
For example, the Foreign Ministry’s email address ends with “mofa.go.jp” but addresses have been registered with “mofago.jp,” so mails can be delivered when a sender makes a typo.
The scam allows attackers to read emails before forwarding them on to the correct recipient, who is unaware of their mistake.
A similar scam could be waged against private companies.
“When sending emails to government institutions, senders need to confirm if the address is correct,” an official at the cybersecurity watchdog said.
The National Center of Incident Readiness and Strategy for Cybersecurity has not disclosed the names of ministries or agencies that were subject to the scam or the fake addresses used.