Scammers in Japan are using phishing emails to impersonate the Japan Pension Service and steal money through the PayPay payment service [1, 2].

This scheme is particularly dangerous because it does not use a fake website to steal credentials. Instead, the emails launch the genuine PayPay application on the victim's device, bypassing typical security warnings and making the resulting transactions nearly impossible to reverse [1, 2, 3].

Reports of these phishing attempts have escalated rapidly this year. In March 2026, there were 592 reports [1]. That number climbed to 28,499 in April [1] and reached 56,555 in May [1]. Between January and June 9, 2026, there were 1,283 additional reports [1]. In total, over 86,000 phishing emails were reported between March and early June [1].

The attack leverages the trust associated with the Japan Pension Service to deceive users. Once the victim clicks the link in the email, the real PayPay app opens and prompts the user to complete a payment. Depending on the specific method used, the fraudulent transaction can be triggered in as few as two [2] or three [3] taps.

Because the transactions occur within the legitimate app, the funds are transferred quickly. An ITmedia reporter said that these transfers are not eligible for compensation and cannot be recovered [3]. A fraud prevention expert told Livedoor that recovery is nearly impossible [2].

Authorities and security experts warn that the sophistication of this method—using a trusted app to facilitate the theft—makes it more effective than traditional phishing. Users are urged to be cautious of unexpected emails from government agencies that request immediate payment or action through third-party apps [1, 2].

This trend represents a shift in social engineering where attackers move away from spoofed websites and toward 'app-switching' attacks. By leveraging the legitimate interface of a trusted payment provider like PayPay, scammers eliminate the visual red flags typically associated with phishing, such as misspelled URLs or poor design. This creates a high-trust environment that tricks users into authorizing irreversible financial transfers.