Targeted attack e-mails that make users click on links and redirect them to phishing sites for ID/password theft or sites with viruses are becoming more and more popular. In actual targeted attack e-mails, the information you entered is abused by the attacker, and there is a risk of unauthorized access or virus infection. This is a training exercise, thus the information entered has been deleted and no actual damage has occurred.
Please be aware of the following points when clicking on links in emails.
[Points to Recognize Targeted Attack E-mail]
1) Is the sender’s e-mail address correct ?
E-mail sender name can be modified at will. Please check the e-mail address as well as the sender name.
In addition, the sender of the password related to the Marubeni Group China internal system is the department in charge (SHASYPL@jpn.marubeni.com etc.).
2) Is there anything suspicious in the e-mail contents ?
System notifications are often abused for targeted attack e-mail, please be careful when clicking on links. It is important to check whether there is anything suspicious in the e-mail contents.
In addition, Marubeni Group's password policy has been changed at the end of March this year (12 bit, complexity, expiration indefinite, etc.), so we will not receive such notification.
3) Is the URL link in the e-mail correct ?
The link may jump to a phishing site. Before clicking on the link, moving the mouse cursor over the link character to verify that the URL is correct. The actual link address might be a combination of IP and characters (Like 50.123 xxx.x/? Rid-SxLxbvj ) or a URL that could be mistaken for a legitimate site (such as https://b0x.com/)
Marubeni China Corporation
Information System Group