Fake Account Suspension. Jimoty, ジモティー

This is a highly sophisticated phishing attack targeting users of online marketplaces (like the Japanese service Jimoty). Here is how the scam works and how to spot it.

1. The Trap: Fake Urgency

The page displays a message stating that your account has been suspended. It creates artificial pressure by claiming you must “verify your credit card details within 24 hours” to restore access.

2. The Red Flags (How to identify it):

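  • Malicious Domain: The URL in the screenshot is jmty.jp-order.cc. The official Jimoty domain is jmty.jp. Scammers build “look-alike” domains by appending extra words such as -order.cc, so the address begins with the familiar name even though the domain actually registered is jp-order.cc and “jmty” is only a subdomain label placed in front of it.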
  • Unauthorized Payment Request: Legitimate services will never ask for your full credit card details (number, CVV, expiry) just to “verify your identity” or “reactivate an account.”
  • Fake Support Chat: On the right, there is a popup window mimicking a “Support Chat.” It uses professional-sounding language to reassure you that the process is “secure” and “encrypted (SSL),” which is a common tactic to lower your guard.

3. The Goal: Financial Theft

Once a victim clicks the “Check” (チェック) button and enters their card information, the scammers capture the data in real time to perform unauthorized transactions or sell the card details on the dark web.

4. How to Stay Safe:

  • Check the URL: Always look at the domain name carefully. If it’s not exactly jmty.jp, it’s a scam.
  • Don’t Click Links: If you receive a suspension notice, do not click the link in the message. Instead, go directly to the official website by typing the address in your browser or using the official app.
  • Report & Block: If you reach such a page through a shortened URL or a message, report it immediately to the service provider.
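
The "Check the URL" rule above can also be applied by a mail filter or link scanner. The following is an added example, not part of the original article: the function name, the allow_subdomains option and the sample links are assumptions made for illustration, and only jmty.jp and jmty.jp-order.cc come from the text above.

```python
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "jmty.jp"  # the official domain named in this article


def check_link(url, official=OFFICIAL_DOMAIN, allow_subdomains=False):
    """Return (is_official, reason) for a full URL such as https://host/path.

    allow_subdomains is an assumption of this example: the article names only
    jmty.jp itself, so subdomains are rejected unless the caller opts in.
    """
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "malformed URL"
    if parts.username is not None:
        # https://jmty.jp@other.example/ really goes to other.example
        return False, "real host is hidden behind a user@ prefix"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no hostname in URL"
    try:
        # Convert internationalised names to ASCII (punycode) so look-alike
        # Unicode letters cannot pass a plain string comparison.
        host = host.encode("idna").decode("ascii").lower()
    except UnicodeError:
        return False, "hostname is not a valid domain name"
    if host == official:
        return True, "exact match"
    if host.endswith("." + official):
        if allow_subdomains:
            return True, "subdomain of the official domain"
        return False, "subdomain, not the exact official host"
    if official in host:
        # Last two labels: a rough stand-in for the registered domain.
        # A production check would consult the Public Suffix List.
        registered = ".".join(host.split(".")[-2:])
        return False, "official name is only decoration; site is " + registered
    return False, "unrelated domain"


if __name__ == "__main__":
    samples = [  # constructed sample links; the paths are made up
        "https://jmty.jp/",
        "https://jmty.jp-order.cc/verify",
        "https://jmty.jp.example.com/login",
        "https://jmty.jp@example.net/",
        "https://jmt\u0443.jp/",  # Cyrillic letter in place of Latin y
    ]
    for link in samples:
        print(link, "->", check_link(link))
```

The comparison is made on the parsed hostname, never on the raw string, which is why an address that merely starts with jmty.jp is rejected.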
