A 26-year-old man was arrested in western Japan on Wednesday on suspicion of embedding a malicious program in a website and stealing users' credit card information, police said, marking the country's first criminal probe into alleged "web skimming."

Sho Okuma is believed to have injected the code into a legitimate music-related website and illegally obtained payment information between October and November last year from three customers in Kyoto Prefecture who accessed the site to purchase merchandise, the police said.

Unlike phishing scams, in which potential victims are often redirected to counterfeit websites and prompted to input personal information, web skimming steals information through legitimate websites and can be difficult to detect.

"I found a website that accepted credit card payments and stole the information by embedding a malicious program in the website out of curiosity," he was quoted by the police as saying.

Okuma previously posted sympathetic messages regarding "Koshinkyo," a group known for sending bomb and death threats to schools and public organizations, and said he tried out the scam around the time when "unauthorized access was becoming popular" among members of the group, according to the police.

In January, Okuma and another man were arrested and later indicted for allegedly faxing a bomb threat to the Tokyo College of Music.

Related coverage:

2 men arrested for sending bomb threat to Tokyo college