An online security researcher has discovered hundreds of fake websites pretending to be the official pages of major social institutions, including the prime minister's office, various ministries and agencies, municipalities, and private corporations.

The alarming discoveries have prompted authorities to begin cracking down on the sites.

It is not yet clear why the shady websites have been created, whether they exist to spread disinformation or otherwise, but the convincing forgeries are raising concerns it could be the start of a wide-ranging attempt to defraud the public.

Kenzo Masamoto, an employee at the Yokohama-based online security firm Macnica Networks Corp., uncovered more than 1,000 bogus pages on the internet, aping Japanese and other international websites.

"I have no idea about why the sites were created," Masamoto said, with a puzzled expression. "The creators might be making preparations for future cyberattacks by first introducing sites resembling real ones in appearance and then embedding computer viruses in them."

Near perfect spoofs of Japanese sites identified include the National Diet Library and other public organizations, newspapers and TV broadcasters, various large companies, universities, colleges and medical centers, among others.

The Kobe city government posted a warning notice on its official site on May 12, available at (https://www.city.kobe.lg.jp/a57337/shise/press/948044342589.html), urging caution against a counterfeit page that looks just like its own official website.

The municipality is warning that the fake and actual sites cannot be told apart based on their appearances; as soon as the real one is updated, its forged counterpart changes as well.

"The fake site apparently copies data from the real one each time information is updated," a city official said.

A city representative said Kobe will demand the overseas provider to make it inaccessible.

"There is a possibility of citizens being defrauded of their personal data, if pages detailing administrative processes, such as the one to apply for the subsidy program introduced amid the new coronavirus outbreak, are falsified," the representative said. "We will work to have the site shut down as soon as possible."

Fake sites often mimic major shopping services such as Amazon and Rakuten, or other e-commerce pages, and show images of goods at cheaper rates to lure in consumers so they can collect their credit card data and other personal information.

But the recently found fake sites are designed to show exactly the same content as the real ones, making it difficult to discern why those pages were created.

In one ironic case, the Kobe Shinbun newspaper published an article about the city warning about the website forgery, which then appeared as a news story on a fake site imitating the newspaper.

Given that they were potentially made to swindle internet users out of their personal information or money, communications carriers and security firms are developing countermeasures against the recently discovered fake sites.

Internet telecommunications carriers and security service providers are working toward making the dummy sites inaccessible, or shutting them down at the request of authorities and the operators of the actual pages.

SPOT THE DIFFERENCE

One effective way to detect when a page is a fake is, according to the city, to carefully check the page's address. While its official site address is www.city.kobe.lg.jp, the malicious copy uses the domain ".tk."

The Kobe city case is one of many reported instances where fake sites use addresses with uncommon domain names or country codes.

Masamoto suggested watching out for irregularities at the end of the website’s address to help spot dangerous sites. He said that it is necessary to look for whether a site ends with ".tk," ".ga," ".gq," and ".ml," or other uncommon domains.

"Tk" is the domain for the Tokelau Islands in New Zealand, and "ga" represents Gabon in Africa.

There are agents who provide web addresses from small countries and regions for free, and many recently identified fake sites are allegedly registered under the name of a Dutch website registration agency.