Scams no longer start only with a phone call. They now begin through social media ads, direct messages, email, SMS, search ads, fake websites, and even video calls. The common pattern is pressure: the scammer tries to shorten the victim’s thinking time and move quickly to payment, login, identity verification, or transfer of personal information.
This article summarizes the scam patterns that deserve priority attention, based on public information from Japan’s National Police Agency, Financial Services Agency, IPA, and the Council of Anti-Phishing Japan. The issue affects individual smartphone users, but it also matters to companies that operate websites, member services, ecommerce, support desks, recruiting processes, and accounting workflows.
Scam Patterns to Watch First
It is better to recognize the behavior than to memorize the name of each scam. The label changes, but the pressure tactic is familiar: create fear, create urgency, demand secrecy, imitate an official brand, or begin with a small payment before escalating.
| Pattern | Current warning signs | First response |
|---|---|---|
| Impersonation of police or government bodies | The caller says your account was used in a crime, an arrest warrant exists, or money is needed for bail or protection, then moves you to a video call or fake website. | End the conversation and verify through an official contact point you found yourself, not a number provided by the caller. |
| SNS investment and romance scams | Fake celebrity ads, investment groups, dating app contacts, cryptocurrency transfers, FX promises, or requests to move to private chat. | Do not send money. Check whether the financial operator is registered and treat personal bank accounts or outside chat groups as serious warning signs. |
| Phishing and smishing | Messages impersonate cards, payment services, taxes, pensions, delivery firms, or account security notices and ask for IDs, card data, or verification codes. | Do not open the link in the message. Check from the official app or a bookmark instead. |
| Business payment impersonation | A fake executive or business contact asks staff to create a social media group, send a QR code, confirm balances, or make an urgent transfer. | Use the company’s existing approval path and never approve a transfer through chat alone. |
The Numbers Behind the Risk
According to provisional figures published by Japan’s National Police Agency for the period through April 2026, recognized special fraud cases and related categories totaled 14,898 cases, with losses of 126.0 billion yen. SNS investment scams accounted for 4,381 cases and 59.25 billion yen, fake police scams for 3,058 cases and 32.52 billion yen, and SNS romance scams for 1,662 cases and 17.18 billion yen. The important point is not only the size of the losses, but also the flow from SNS or phone contact into bank transfers, crypto assets, and cashless payment tools.
The National Police Agency has warned that fake police scams may use calls, SNS, video calls, false police ID images, false arrest warrants, or caller ID that appears to match a real police office. A June 2026 warning also covered cases involving gold bullion and cases that included sexual exploitation. A displayed number or official-looking screen is not enough to prove authenticity.
The Council of Anti-Phishing Japan reported 126,061 phishing reports for May 2026. Credit card, ecommerce, payment service, social insurance, and online service brands were widely abused. The same report and related alerts also described emails pretending to be tax or national pension payment requests and leading victims to cashless payment request screens.
A 90-Second Check for Suspicious Messages
Trying to perfectly judge every message can slow action. In practice, these five checks are enough to stop many incidents before they progress.
- Is the other side rushing you? Arrest, account freezing, missed payment deadlines, and account suspension are often used to create fear.
- Did you find the contact point yourself? Avoid links, phone numbers, and URLs inside the message. Use the official website, official app, card, or contract documents.
- Is the requested payment method unusual? Personal bank accounts, crypto assets, gift cards, QR payments, payment request links, and overseas transfers raise the risk level.
- Are they asking for authentication data or identity images? Stop before entering one-time passwords, ID document images, facial images, bank details, or card details.
- Are they telling you not to talk to anyone? Instructions to avoid family, colleagues, banks, or police are a classic pressure tactic.
What Individuals Can Do Today
Open frequently used banking, securities, card, payment, delivery, government, pension, and tax services from the official app or a saved bookmark. Avoid logging in from search ads or message links. That habit alone reduces exposure to fake login pages.
Use a password manager or passkey where available. A password manager helps because it fills credentials only on the registered legitimate site, not on a lookalike domain. Reused passwords are especially risky because one leak can affect banking, ecommerce, and SNS accounts at the same time.
For families and small teams, a verification route is more useful than a secret phrase. If money, bank accounts, identity documents, or verification codes are mentioned, end the call once, call back through a separate known contact point, and do not let the person with payment authority decide alone.
What Website and Service Operators Should Prepare
Scam prevention should not depend only on user caution. Operators of member sites, ecommerce stores, booking services, SaaS products, recruiting pages, and support forms should make legitimate communications easier to distinguish from fake ones.
- State official contact methods on help pages and clearly list the information your company will never request by email or SMS.
- Do not make payment, identity verification, and password reset flows depend only on email links. Let users confirm important actions after logging in or through an official app.
- Implement SPF, DKIM, and DMARC, and consider mechanisms such as BIMI where appropriate to make legitimate email easier to recognize.
- For accounting, recruiting, and customer support, treat requests to create SNS groups or make urgent transfers as exceptions that require verification through another channel.
- Prepare a reporting and response process for fake sites, fake ads, and fake SNS accounts using your company name.
IPA’s Information Security 10 Major Threats 2026 lists phishing, support scams, extortion and fraud through email or SNS for individuals, and business email compromise for organizations. That means scam prevention is not only a security team issue. It also belongs in communications, accounting, legal, customer support, and product design.
If You Think You May Have Been Scammed
If you transferred money or entered information, do not wait because of embarrassment or uncertainty. Contact the bank, card issuer, or payment service first and ask about suspension, reversal, account restriction, and fraud investigation options. If you entered an ID or password, change it everywhere it was reused and enable multifactor authentication.
For police consultation in Japan, contact your local police station or the police consultation hotline #9110. For consumer trouble, use the Consumer Hotline 188. For suspicious investment solicitation, the Financial Services Agency also accepts information. Phishing emails and SMS messages can be reported to the relevant service provider or the Council of Anti-Phishing Japan to support takedown and warnings.
FAQ
If the displayed phone number looks real, can I trust it?
No. The National Police Agency warns that scammers may use caller ID that appears to match real police offices. End the call and verify through an official number you found yourself or through #9110.
Is it safe if I only reached a PayPay or other payment request screen?
Not necessarily. The Council of Anti-Phishing Japan has reported cases where emails pretending to be tax or pension payment notices led victims to cashless payment request screens. If the route began from an email or SMS link, stop before paying.
Is it acceptable to try an investment offer from an SNS contact with a small amount?
Small early gains may be staged to build trust before larger deposits or fees are demanded. Japan’s Financial Services Agency warns about investment solicitation through SNS, dating apps, and fake celebrity ads. Do not respond if the operator’s registration cannot be verified.
What should a company fix first?
Create a rule that money transfers, account privileges, identity data, and customer data cannot be approved by chat or email alone. Then strengthen email authentication, publish official contact methods, and prepare a reporting route for fake sites or fake accounts.
Sources
- National Police Agency: provisional special fraud figures through April 2026
- National Police Agency: unusual fake police scam methods
- National Police Agency: phishing countermeasures
- Council of Anti-Phishing Japan: May 2026 phishing report
- Council of Anti-Phishing Japan: phishing pretending to request national pension payment
- Financial Services Agency: warning on SNS and dating-app investment solicitation
- IPA: Information Security 10 Major Threats 2026