MENU
phishing

Watch out for suspicious email claiming to be from Mercari

Find out how you can protect yourself from fake email/text messages that may lead you to fraudulent websites that look like Mercari (phishing sites).

phishing

There have been cases reported of suspicious email and text messages leading users to fraudulent websites that look like Mercari (phishing sites) and asking users to fill out their personal information.
If you receive a suspicious email or text message like this, delete it immediately without opening the message. We will never ask for your personal information, including credit card information, over email.

What is phishing?

Phishing refers to emails and SMS messages, etc. that impersonate Mercari in an attempt to trick users into visiting phishing sites run by fraudsters.
In doing so fraudsters may trick those who visit the sites into inputting sensitive information such as passwords or credit card information onto the site.
This information may be used to fraudulently login to your account and abuse Mercari or Merpay’s services, used to attempt to login in and abuse other services where you use the same credentials, and/or for other malicious purposes.

Example of a phishing email claiming to be from Mercari

The email below is an actual phishing email used to target Mercari users.
The attacker disguises the link in the email as a link to Mercari’s official website (https://www.mercari.com/jp/) in order to trick the recipient into clicking on it. When clicked, the link actually takes the recipient to a different site (the attacker’s site).
The fraudulent website asks the user to input their password, address, phone number, credit card number, and other information, which the attacker will then misuse for their own purposes (making fraudulent payments to the credit card, etc.).

*Example of an actual phishing email

Example of an actual phishing email

*Screenshots of a phishing site imitating Mercari (past example)

Screenshots of a phishing site imitating Mercari (past example)

Check our news for the latest information on reported phishing attempts

We post notices and information regarding reported phishing attempts in the News section of both the Mercari app and website.
How to check the news:
– App: From the home screen, go to “お知らせ” (Notices), then “ニュース” (News)
– Website: Go to “マイページ” (My Page), then “ニュース一覧” (News)

What to do if you gave a phishing site your password

  • Log in to your account on the official Mercari app immediately and change your password.
    • Recently, there have been many cases of trying to log in to other websites using stolen password information.
  • Check for suspicious activity on the official Mercari app.
    • Check your account activity on the official Mercari app to see if there are signs your account has been used by someone else, such as logins, purchases, payments, or charges you don’t recognize.
  • Check for suspicious activity on all websites if you used that password for.
    • Change the password of the website and check the status in the same way.

How to change your Mercari password:
マイページ (My Page) > 個人情報設定 (Account settings) > メール・パスワードの設定 (Email/password settings)

How to change your Mercari password

How to check your Mercari account’s login history:
マイページ (My Page) > 個人情報設定 (Account settings) > ログイン履歴 (Login history)

How to check your Mercari account’s login history

What to do if you gave a phishing site your credit card information

If you entered your credit card information on a phishing site, there is a high probability that information will be used fraudulently. Contact your credit card company immediately.
The credit card company’s contact information can generally be found on the back of your credit card.

How to report phishing email/sites claiming to be Mercari

Suspicious emails:
Please forward the email to phish@mercari.com .
No further messages or clarification are required.
You do not need to change the subject of the email.

Suspicious text messages:
Please copy the content of the message and send it by email to phish@mercari.com.
No further messages or clarification are required.

Suspicious websites:
If you are led to suspicious sites that appear to be the Mercari site through other means, please copy the URL of the site and send it by email to phish@mercari.com.
No further messages or clarification are required.

The Mercari Security team will investigate all reports submitted to us through phish@mercari.com .
The information provided will be used according to our Privacy Policy to take countermeasures against phishing and other forms of fraud.

phish@mercari.com is a receive-only email address, and we will not respond to any messages sent to this address.
If you require direct support and guidance from us, please contact our customer support team through the official Mercari app in addition to submitted the report to phish@mercari.com .

  • You can do this by going to “マイページ” (My Page), then “お問い合わせ” (Contact us). Tap “お問い合わせ項目を選ぶ” (Select subject) and choose “その他” (Other).