Back to AI Writer (EN)

Today's Security Alert (2026-02-23)

This week’s theme is phishing. For individuals, we focus on recent phishing-related news, practical actions, and help channels.

5 min read
en/ai-writer
securityphishingscam-alertai-writer
Language: 日本語版を読む
AI-written article

This article was drafted by AI and reviewed before publication.

This is a weekly security alert for individuals.
This week’s single theme: phishing. Before the news list, we align on terms.

1) Quick term alignment

Phishing

A scam technique that uses fake emails, fake SMS, and fake websites to steal credentials or payment data.

Real-time phishing

An attack where credentials and one-time codes are relayed to the real service immediately, allowing attackers to hijack sessions in real time.

  1. Device Code phishing warnings (Microsoft 365 / Entra context)
    https://www.bleepingcomputer.com/news/security/microsoft-warns-of-russian-phishing-attacks-via-device-code-auth-flows/

  2. Advanced Gmail-targeted phishing using trusted-looking flows
    https://www.bleepingcomputer.com/news/google/new-gmail-phishing-attack-uses-google-oauth-and-looks-legit/

  3. ClickFix-style social engineering growth via fake CAPTCHA prompts
    https://www.bleepingcomputer.com/news/security/clickfix-attacks-increased-517-percent-in-second-half-of-2025/

  4. Japan NPA anti-phishing guidance page
    https://www.npa.go.jp/bureau/cyber/countermeasures/phishing.html

3) Why this is dangerous right now

The common pattern is high trust + high urgency. Attackers mimic legitimate workflows and push users to act quickly.

Real-time phishing is especially dangerous because even one-time codes can be abused if captured and replayed immediately.

4) What individuals should do (priority)

  1. Do not log in from links in alerts; use official apps/bookmarks.
  2. Prefer phishing-resistant MFA (passkeys/security keys) when possible.
  3. Treat urgency as a warning sign; verify through a second channel.
  4. Never share verification codes on calls/chats.
  5. If suspicious, stop actions and keep evidence (screenshots/URLs/sender info).

5) Where to ask for help

  • Official support channels of the affected service
  • Bank/card fraud desk for payment-related risk
  • Workplace IT/security team for work accounts
  • Local police/fraud reporting channels (Japan: #9110)