The Anti-Phishing Council has released information about an increase in reports of emails that lead to phishing sites pretending to be Mercari. The site is in operation as of 14:00 on October 6, so please continue to be careful.
The subject lines of phishing emails are as follows:
The following contents were confirmed in the mail body. Specifically, there are various reasons such as "There was a violation", "You can receive points", "The payment deadline for Merpay Smart payment is approaching", "Use is restricted", etc. I am inviting you to access the
For details, please check [Prohibited Actions] in the Mercari Guide below. 《Method of identity verification》・Perform simple identity verification with the app
(Partial excerpt from the emergency information of the Anti-Phishing Council. Original text)
Immediately receive 10000 yen points. This URL is valid for 30 days. open a web page
(Partial excerpt from the emergency information of the Anti-Phishing Council. Original text)
The settlement deadline for September usage of Merpay Smart Payment is Sunday, October 31, 2021. You can pay from the button that says "Payment can be made" on My Page.
(Partial excerpt from the emergency information of the Anti-Phishing Council. Original text)
We are currently restricting the use of Mercari and Merpay. For the reason for the restriction, please check the content that we will contact you separately.
(Partial excerpt from the emergency information of the Anti-Phishing Council. Original text)
Example of email text (from the Emergency Information of the Anti-Phishing Council)The destination is a website that pretends to be the login screen of Mercari's member menu, and the input field for the email address and password is displayed. After entering, a screen asking for a 6-digit verification number sent by SMS will be displayed.
Redirected fake site (according to emergency information from the Anti-Phishing Council)The URL of the phishing site that is rerouted to is confirmed as follows. Please note that other similar domain names may be used.
https://a●●●●.cn/https://info.●●●●.cn/powanhttps://server.●●●●.cn/powanhttps://www.mercari-● ●●●.com/
The council said, "Phishing sites are often created by copying the screen of the real site, and it is very difficult to distinguish." Please be careful not to access from the link inside, but from the official smartphone app or browser bookmarks that you always use.