Scams now begin through phone calls, text messages, email, social media ads, video, search results, and payment screens. The most important patterns to watch are impersonation of police or public agencies, investment offers on social platforms, phishing that abuses familiar brands, and technical support scams. These schemes often share the same pressure points: urgency, borrowed authority, and requests for identity verification or asset protection.
This article summarizes practical checks for individuals and small businesses, based on public information from Japan’s National Police Agency, the Council of Anti-Phishing Japan, IPA, and the FBI IC3. There is no single control that prevents every scam, but separating contact verification, payments, identity checks, and account protection makes many attacks easier to stop before money or data is lost.
Key Takeaways
- Treat requests for asset transfers, bullion purchases, cryptocurrency payments, or video-based identity checks as high-risk even when the caller claims to be police or a public agency.
- Social media investment and romance scams often use claims such as guaranteed returns, official backing, celebrity endorsement, or a private opportunity.
- Phishing is no longer limited to email. Use official apps, saved bookmarks, or a password manager instead of links in messages.
- Organizations should separate approval for payment, vendor bank changes, administrator recovery, and urgent executive requests.
- If a scam may have succeeded, preserve messages, URLs, payment details, and screenshots, then contact the financial institution, police, consumer support, and the affected service quickly.
The Main Entry Points
| Entry point | Common pretext | Safer response |
|---|---|---|
| Phone or video call | Police, prosecutor, bank, or support desk | End the call and contact an official number you find yourself |
| Social media ad or DM | Investment, side job, celebrity advice, friendship, romance | Refuse pressure to move to a private chat or payment flow |
| Email or text message | Identity check, unpaid bill, delivery, tax, account alert | Do not use the link; check through the official app or bookmark |
| Payment or crypto transfer | Asset protection, investigation, fee, deposit, refund | Stop if the action is being directed by someone else |
Police and Government Impersonation
Japan’s National Police Agency reported that recognized special fraud cases in 2025 reached 27,832, with losses of about 142.31 billion yen. A major driver was police impersonation, where criminals claimed an investigation required cash or other assets. That category accounted for 11,014 recognized cases and 100.5 billion yen in losses. Provisional figures through the end of April 2026 also showed large losses from social media investment fraud and police impersonation.
Recent warnings describe criminals claiming that an arrest warrant exists or that assets must be submitted to prove innocence. Some cases involved gold bullion, while others involved improper video-call demands. Police do not normally resolve such matters through social media or video calls, and they do not ask people to move assets, buy bullion, send cryptocurrency, or perform invasive video checks. If the contact feels threatening or unusual, stop the conversation and contact an official public consultation channel.
Social Media Investment and Romance Scams
In Japan’s 2025 figures, social media investment fraud caused 9,523 recognized cases and 128.8 billion yen in losses. Social media romance fraud caused 5,645 cases and 54.64 billion yen in losses. The first contact often came through banner ads or direct messages, including ads that misused images or videos of well-known people and promises such as guaranteed returns.
These scams rarely begin with a direct demand for money. They build trust through conversation, small apparent wins, group chats, and personal attention. The warning signs grow stronger when the other person asks you to move to a separate app, open a crypto account, share a screen, upload identity documents, or send funds to a platform they recommend.
Judge Phishing by the Route, Not the Design
The Council of Anti-Phishing Japan recorded 151,112 phishing reports in April 2026. The report noted abuse of e-commerce, credit card, securities, banking, payment, and online service brands, along with smishing and payment-screen redirection that imitated taxes, utility charges, insurance fees, and card billing.
Visual authenticity is not enough. Attackers can copy logos, use similar domains, abuse legitimate cloud services, hide behind shortened URLs, or buy search ads. When a message asks for login, payment, card data, or one-time codes, close the message and check through the official app, a saved bookmark, or a password manager that only fills credentials on the legitimate site.
Support Scams and Business Email Compromise
IPA’s 2026 threat list includes phishing, support scams, unauthorized internet banking use, and extortion or fraud through email and social media for individuals. For organizations, business email compromise remains a major threat. These attacks enter normal workflows such as invoices, vendor management, hiring, executive requests, and account recovery.
The FBI IC3 2025 report also identifies investment fraud, business email compromise, and technical support scams as major sources of losses. As synthetic media and language tools make messages, audio, video, and profile images more convincing, teams should not rely only on spotting awkward wording or suspicious visuals. Requests to change payment details, make urgent transfers, recover accounts, or keep a transaction secret should always be verified through a separate channel.
Practical Defenses for Individuals
- Use passkeys or multi-factor authentication for banking, securities, payment, email, and social media accounts whenever available.
- Use unique passwords and let a password manager open the legitimate site.
- For investment, refund, public benefit, unpaid bill, police, or government messages, verify through a contact method you find yourself.
- Create a family rule: pause and consult someone before sending money, identity documents, authentication codes, or screen-sharing access.
- Review social media privacy settings and reduce public information that can support impersonation.
Operational Checks for Businesses
Scam prevention is not only an IT task. The person receiving invoices, the person approving transfers, the person managing social ads, and the person answering customers can all be targeted through different channels. Common business risks include fake executive chats, vendor bank-account changes, malware disguised as hiring material, and advertising account takeover.
Start with the processes that move money or control accounts. Require out-of-band verification for bank changes, two-person approval for urgent transfers, strong authentication for administrators, regular reviews of social and ad account permissions, and clear customer-facing contact methods. It is more effective to create a safe pause procedure than to ask every employee to perfectly identify every suspicious message.
If You Suspect Damage
If money or personal data has already been sent, act quickly and preserve evidence. Contact the bank or card issuer, change passwords, review devices, notify the service provider, and keep messages, phone numbers, URLs, payment details, crypto addresses, and screenshots. Do not delete the conversation simply because it is upsetting.
Be alert to recovery scams. A second fraudster may promise to retrieve lost funds for an upfront fee or investigation charge. Limit follow-up support to verified institutions such as police, consumer support, financial institutions, and the official service involved.
FAQ
What should I do first if someone claims to be police?
Ask for the claimed department and purpose, then end the call. Do not use a phone number or link supplied by the caller. Look up an official contact yourself and verify independently. Requests involving asset transfers, bullion, crypto, or video checks are especially dangerous.
What if an online acquaintance recommends an investment?
Do not let the relationship become the basis for an investment decision. Separate chat apps, private trading platforms, crypto transfers, small displayed profits, and exclusive introductions are major warning signs. Check registration and legitimacy independently before any payment.
Is there an easy way to tell whether an email is real?
No method is perfect. A message can look polished and still be fraudulent. The safer habit is to avoid message links and check the issue through the official app, bookmark, or password manager.
Where should a company start?
Review the workflows for bank-account changes, urgent payments, administrator recovery, and ad account permissions. Require two-person or out-of-band verification before money or privileged access moves.
References
- National Police Agency SOS47: Special fraud figures through April 2026
- National Police Agency SOS47: 2025 special fraud and social media investment/romance fraud figures
- National Police Agency SOS47: Notable police impersonation tactics
- National Police Agency SOS47: Fake government websites and scam ads
- Council of Anti-Phishing Japan: April 2026 phishing report
- IPA: Information Security 10 Major Threats 2026
- FBI IC3: 2025 Internet Crime Report