Kaori Fuchi Advisors Tokyo Japan Newsroom


News & Media

May, 2014

Lectured for tax accountants who want to start up their business.

“How to hire an ideal staffs for your firm.”

December 2013

Introduced as an Japanese tax professional who can communicate in English in “Japan Startup Guide 2013”

October 2013

Lectured in Tokyo on behalf of ESSAM KK for tax accountants.

“How to set up your business as an tax accountant.”

September 2013 – August 2014

Serialized an essay for readers who want to be an tax accountant.


Lectured in Osaka on behalf of ESSAM KK.

“Let’s become a winner as an tax accountant.”                        

September, 2013

Interviewed by Nikkei newspaper.

“Tax saving for investment of foreign real estate.”

August, 2013

Lectured in Sendai on behalf of ESSAM KK.

“Let’s become a winner as an tax accountant.”

July, 2013

Lectured in Tokyo on behalf of ESSAM KK.

“Let’s become a winner as an tax accountant.”

June, 2013

Lectured at Tokyo CPA Association’s Shibuya Block Conference.

“Tax Treatments for expats who Work Overseas.”

June, 2013

Interviewed by popular women’s magazine, “DRESS,” for their feature on Female Entrepreneurs in Japan.

January, 2013

Featured in Kansai University of Foreign Languages website.

December, 2012

DVD, produced by BIZUP SOKEN KK, goes on sale.

“Salaries for Expatriates.”

December, 2012

Lectured at ESSAM KK.

“Basics for International Tax Accounting.”

October, 2012

DVD, produced by ACCS Consulting Co. Ltd., goes on sale.

“International Tax for Tax Accountants.”

September 2012

Interviewed for issue 26 of Tax Accounting Industry News published by ACCS Consulting Co. Ltd.

“Tax Accountant specializing in international taxation matters”\

August 2012

The Tax Accountant Blog (written by Kaori Fuchi) was presented in Taxation Institute of Japan's website Zei-no-machi (Town taxation).


These Are Today's Top 8 Cyber-Crime Trends According to Europol by Online Security

In its Internet Organized Crime Threat Assessment (IOCTA) report released today, Europol has detailed today's top 8 most prevalent cybercrime trends, for which investigators have seen a rise in detected incidents since the start of the year.


The report, which highlights an upward trend for volume, scope and material cost of cybercrime, comes on the heels of UK authorities announcing earlier in the year that cybercrime has surpassed traditional crime for the first time in their country's history.


#1: Crime-as-a-Service

Europol says that the digital underground is shifting towards a Crime-as-a-Service business model, with various individuals and groups specializing in a niche crime and providing technical support and service for that crime alone using online services.


From illegal weapons sales to on-demand hacks, and from DDoS-for-Hire services to exploit kit packages, you can buy online almost any type of cybercrime service these days.


#2: Ransomware

If you read Softpedia's Security News section, you can hardly go one day without reading a report on ransomware-related topics. Besides ransomware, Europol also says that banking trojans have been a popular form of malware this year as well.


#3: The criminal use of data

Recent hacks and data breaches have thrust troves of data in the public eye, which crooks are leveraging for other hacks, fraud, and even extortion.


#4: Payment fraud

Europol says it received a large number of fraud complaints, which were traced back to organized crime groups hacking ATMs, EMV, and contactless (NFC) cards.


#5: Online child sexual abuse

The large number of online tools and services providing complex and unbreakable end-to-end encryption, along with anonymous payments supported via crypto-currencies has resulted in "an escalation in the live streaming of child abuse."


#6: Abuse of the Darknet

More and more crime-related activities have now moved to the Darknet (or Dark Web), a portion of the Internet for which you need special software like Tor and I2P to access. Criminals are taking advantage of the anonymity these networks provide to go about their business unabated.


#7: Social engineering

Europol says that spear-phishing incidents aimed at high-value targets have gone up in 2016, and it highlights the increase in CEO fraud (BEC scams) attacks.


#8: Virtual currencies

Europol says Bitcoin has become the de-facto standard currency for extortion payments. This is also the reason why Europol established a Bitcoin Money Laundering Division earlier this month.

Online Security: Apple urges iPhone users to update after powerful cyberweapon is found

SAN FRANCISCO – Apple on Friday urged iPhone owners to install a security update after a sophisticated attack on an Emirati dissident exposed vulnerabilities targeted by malware dealers.

Researchers at the Lookout mobile security firm and Citizen Lab at the University of Toronto said they had uncovered a three-pronged attack targeting the dissident’s phone “that subverts even Apple’s strong security environment.”


Lookout and Citizen Lab worked with Apple on an iOS patch to defend against the attack, called Trident because of its triad of methods, the researchers said in a joint blog post.

“We were made aware of this vulnerability and immediately fixed it with iOS 9.3.5,” Apple said in a released statement.


Trident is used in spyware referred to as Pegasus, which a Citizen Lab investigation showed was made by an Israel-based organization called NSO Group. NSO was acquired by the U.S. firm Francisco Partners Management six years ago.

Lookout referred to Pegasus as the most sophisticated attack it has seen, accessing calls, cameras, email, passwords, apps and more.


The spyware was detected when used against Ahmed Mansoor, a human rights activist who has been repeatedly targeted using spyware.

After receiving a suspicious text with a link, he reported the matter to Citizen Lab, which worked in conjunction with San Francisco-based Lookout to research the affair.


“The attack sequence, boiled down, is a classic phishing scheme: send text message, open web browser, load page, exploit vulnerabilities, install persistent software to gather information,” the joint blog post said. “This, however, happens invisibly and silently, such that victims do not know they’ve been compromised.”


Mansoor received text messages on Aug. 10 and 11 promising that secrets about detainees being tortured in United Arab Emirates jails could be accessed by clicking on an enclosed link, researchers said.

Had he fallen for the ruse, the Trident chain of heretofore unknown “zero-day exploits” would have broken into his iPhone and installed snooping software.


Once infected, Mansoor’s iPhone would have been turned into a “spy in his pocket” capable of tracking his whereabouts and conversations, Citizen Lab said.

Mansoor was targeted five years ago with FinFisher spyware and again the following year with Hacking Team spyware, according to Citizen Lab research.


“The use of such expensive tools against Mansoor shows the lengths that governments are willing to go to target activists,” the researchers said.

Although the cyberattack on Mansoor was not linked to a specific government, Citizen Lab said indicators pointed to the UAE.


UAE authorities did not comment on the matter.


Lookout and Citizen believe the spyware has been “in the wild for a significant amount of time.”

“It is also being used to attack high-value targets for multiple purposes, including high-level corporate espionage on iOS, Android and Blackberry.”


Citizen Lab has also found evidence that “state-sponsored actors” used NSO weapons against a Mexican journalist who reported on high-level corruption in that country and on an unknown target in Kenya.

The NSO tactics included impersonating sites such as the International Committee of the Red Cross, the British government’s visa application processing website and a wide range of news organizations and major technology companies, the researchers said.


Mansoor’s decision to enlist Citizen Lab instead of falling into the trap gave researchers a rare chance to expose the work of “shady cyber arms dealers” who command high prices for morally questionable services, said Lookout’s vice president of security research, Mike Murray.


Invoices posted online have shown that hackers can charge tens of thousands of dollars per target hit with their software.

“The smartphone is a valuable target, and breaking into it is a valuable skill set,” Murray said. “People who can do this, and with wiggle room in their moral code, have realized the business opportunity.”


NSO Group has been around since 2010, and the capture of one of its weapons was billed as a first.

Studying Trident has helped cyberdefenders find ways to spot spyware that had been operating unseen, and they are “actively catching it in the wild now,” Murray said.


He declined to reveal anything about other targets, saying that they were people likely to be under surveillance in other ways by local authorities.

Citizen Lab saw the attack on Mansoor as further evidence that “lawful intercept” spyware has significant abuse potential, and that some governments can’t resist the temptation to use such tools against political opponents, journalists and human rights defenders.

Online Security: People encouraged to better secure online accounts following Yahoo breach

Residents who use Yahoo Mail are being encouraged by the S.C. Department of Consumer Affairs to take action to secure their online accounts following the announcement last month of a massive breach.


During the last two weeks of September, Yahoo announced that at least 500 million user accounts had been compromised.


An investigation by Yahoo following suspicions of an attack in July uncovered a far larger, allegedly state-sponsored attack in recent weeks, according to the Associated Press.


“We take these types of breaches very seriously and will determine how this occurred and who is responsible,” the FBI said in a statement last week.


Given the importance most people place on protecting personal information, the Department of Consumer Affairs is encouraging Yahoo Mail users to take action by following several tips, said Megan Stockhausen, communications coordinator with the agency.


  • Change the account password and security questions immediately. Use strong, creative passwords (uppercase, lowercase and special characters) and don’t share them with anyone. Also, don’t use the same passwords or security questions for multiple accounts, especially when using an email address as the login name on a site.


  • Watch out for phishing attempts, which is defined by asking for personal or sensitive information via a phone call, text or email is a tactic used by scammers. Never reply to texts, pop-ups, or emails that ask for verification of personal information. Avoid clicking on links or downloading attachments from suspicious emails or texts.



  • Closely monitor financial and benefits statements/accounts. Check all monthly statements and account activity, especially for financial accounts saved as payment options on internet merchant sites.


Review them carefully and notify the financial institution/provider as soon as an unauthorized or suspicious item is spotted.



  • Consider a fraud alert and security freeze. Scammers may use the stolen information to open new accounts.



A fraud alert and security freeze are free security measures for a credit report. A fraud alert tells a business accessing the report to take extra steps to verify that the person holding the account is the one seeking its goods/services.


When a security freeze is in place, no one can access the report without the account holder approving it.


Stockhausen said these tips can help anyone trying to secure any personal online information.

Business Email Compromise – Top Phishing Attacks of 2016 by Oakmere Road

In this series of blog posts we examine the most common forms of phishing attacks and appropriate countermeasures to protect both individuals and organizations – in this post we explore Business Email Compromise and the potential fall-out for executives.


Business Email Compromise


At the start of 2016, the FBI warned that it had seen a 270% increase in CEO scams, also known as Business Email Compromise (BEC) scams.


With these scams, savvy cyber criminals are taking the time to harvest personal information and learn the processes within a company. Once armed with this information, they target carefully selected employees with a spear phishing email designed to get access to confidential business information or transfer money into an unknown account.


Companies that have recently fallen victim to this kind of criminal fraud include:


- Ubiquiti Networks – the finance department was targeted by a fraudulent request from an outside entity that resulted in $46.7 million being transferred to an overseas account held by external third parties after an employee was impersonated.

- Mattel – a finance executive wired more than $3 million to the Bank of Wenzhou after the ‘new CEO’ requested a vendor payment. According to reports, Mattel quickly realized that it had been victim of a fraudulent request and worked with Chinese authorities to get the money back.

- FACC – the Austrian aircraft parts maker, whose customers included Airbus, Boeing and Rolls-Royce, reported that they had fired their chief executive after cyber criminals stole €50 million ($55.7 million) in an email scam.


Agari research found that more than 85% of spear phishing attacks are enabled by legitimate cloud services, and the majority do not contain a malicious link or attachment, which make them a lot harder to detect.


BEC Countermeasures


A multi-pronged approach is required to counter these types of targeted attacks:

  1. Strengthen Internal Processes – To counter the threat of this type of attack, organizations must introduce policies that ensure that no one person or single email can authorize transactions. Instead, there needs to be a mixture of communication channels verifying any request for confidential or financial information.
  2. Multi-Layered Approach – There is not a single solution available that can solve the breadth of the email security problem. What’s needed is multiple controls – a cocktail of complementary solutions that provides a multi-layered approach to cyber security where prevention, early detection, attack containment, and recovery measures are considered collectively.
  3. Establish Per-message Authenticity – Organizations need a solution that considers sophisticated data science and email security intelligence in order to reinstill trust into the email ecosystem and establish the ‘true’ identity of an email’s sender.


Download Agari’s executive brief on the Top Phishing Attacks of 2016 to learn more about best practices to stopping phishing attacks.


You can also check out the other posts in the Top Phishing Scams series:


- Ransomware

- Data Breach of Employee Information

- Consumer Email Fraud

- Hacktivism

PayPal “Verification Required” Phishing Scam Email by Oakmere Road


“Verification Required” email purporting to be from PayPal claims that your account has been limited due to several listed security issues and you must click a “Remove Limitation” button to address the issues.


Brief Analysis:

The email is not from PayPal and the claim that your account has been limited is untrue. In fact, the email is a phishing scam designed to steal your PayPal account login credentials, your credit card numbers, and other sensitive personal information.


Detailed Analysis:

According to this email, which claims to be from PayPal, your account has been limited and your “verification is required”. The email, which addresses you as “Dear Customer”, claims that the limitation has been imposed because someone else has logged into your account, you sent or received money related to fraudulent activity, and you violated the terms and the user agreements.


It features a “Remove Limitations” button that will supposedly allow you to deal with the account issues mentioned.


However, the email is not from PayPal and the claim that your account has been limited is a lie. Instead, the email is a typical phishing scam designed to steal your personal information.


If you hit the “Remove Limitations” button, you will be taken to a bogus website that has been built to emulate a genuine PayPal login page. The page asks you to login with your PayPal email address and password. After logging in, you will be taken to a second form that asks you to verify your account by supplying your credit card numbers, your name and address details, and other identifying information.  After submitting the requested information, you may receive a final message claiming that you have successfully removed the account limitations.


Meanwhile, the criminals can use the information you supplied to hijack your PayPal account and steal or misuse its funds as well as use your credit card for fraudulent transactions.   They may also be able to steal your identity using the personal and financial information they have gathered from you.


PayPal scams like this one are very common. Be wary of any PayPal message that claims that your account has been limited, disabled, or suspended and you must click a link or open an attached file to verify account details. PayPal will never send you an email or text message that makes such demands. Note also that PayPal will always address you by name in its messages. Genuine PayPal messages will never use generic greetings such as “Dear Customer”.


If you receive one of these emails, do not click any links or open any attachments that it contains.


The PayPal website includes information about how to recognize and report such phishing scams.

Top scams for college students to avoid by Oakmere Road


EAU CLAIRE, Wis. (RELEASE) -- College students are often intended targets of scams. Newly independent and excited to be on their own, that freedom can make them targets of and susceptible to scams.


Students don’t always necessarily recognize when a scam comes knocking. As college students begin to head back to campus, the BBB wants to remind students and parents about preventing fraud when they’re away from home.


BBB has some information on the top scams for college students to avoid:


Roommate/Rental scheme – If you post an ad for a roommate on Craigslist, beware of “fake roommates” who are out of the country, but can provide the rent upfront in the form of a money order. When you receive it, the amount is higher than the amount requested (overpayment scam). You are asked to cash it, and wire back the rest. This is a scam!


Credit Cards – Credit card offers are all over campus. While it’s important to build credit, it’s more important to maintain good credit. Many of these cards have annual fees or charge high interest rates on purchases. Shop around for the best rate and pay off your credit card bills every month.


Employment – Beware of ads that pop up near campus offering jobs with “no experience necessary.” Often, these “opportunities” are bogus! If you are interviewed in a hotel lobby or required to sign a contract, or have to pay for everything including training, travel, lodging, food, etc. associated with the job – forget it! Check out a company first with bbb.org.


Scholarship/Grants – Scholarship-finding services “guarantee” grants or scholarships. They sell lists to students on potential scholarship or grant opportunities. However, nearly all available financial aid comes from the federal government or from individual colleges. Go to grants.gov for more information.


Safeguard your ID – Keep your personal information, including your driver’s license, student ID, debit cards, credit cards, and bank information in a SAFE place. Be wary of any online solicitations, emails, social media sites, or phone calls asking for your personal information. NEVER give out personal information to someone you don’t know.