Amazon, Rakuten Lures Used in Japan CoGUI Phishing Blitz

Organizations and individuals across Japan are being targeted by a wave of phishing attacks leveraging a sophisticated toolkit known as CoGUI. The phishing campaign, currently circulating widely, impersonates well-known Japanese e-commerce brands such as Amazon and Rakuten in an effort to deceive recipients and harvest sensitive information.

Cybercriminals deploying the CoGUI phishing kit are taking advantage of its advanced evasion capabilities, allowing malicious emails to bypass traditional security filters. The kit enables attackers to craft convincing messages and spoof legitimate domains, increasing the likelihood that recipients will engage with the content.

The scale and persistence of the campaign suggest a coordinated effort to exploit consumer trust in major online platforms. Authorities and cybersecurity experts are urging heightened vigilance among users, particularly those receiving unsolicited messages that appear to originate from familiar services. The growing use of tools like CoGUI underscores the evolving tactics used by threat actors to compromise targets in Japan’s digital landscape.