A summary of how to deal with voice phishing and actual cases
보이스피싱 당했을때
We introduced things to do, such as reporting when you are victim of voice phishing, how to deal with it, and representative examples of actual damage. Voice phishing scams are constantly evolving. In the past, the method of inducing fraud damage through direct phone calls was the main method, but these days, smartphone text messages, KakaoTalk, lies about kidnapping family members, and various link click inducements are mass-producing damage regardless of means and methods.
index
1. Voice phishing cases and methods summarized (actual cases)
* Voice phishing methods
* Actual voice phishing incident
* Examples of voice phishing damage cases
2. Damage suffered by voice phishing
3. What to do immediately when you are victim of voice phishing, how to report and deal with it
* Request suspension of payment by calling 112 without delay
* Call the Financial Supervisory Service at 1332 for consultation, and the Financial Supervisory Service Personal Information Exposure Accident Prevention System registers your information
* Visit the police station to obtain an ‘Incident Accident Confirmation Certificate’ and submit it to the bank that applied for suspension of payment
* Find and delete suspicious applications that you have not installed
* Check the fact of damage by using account information integrated management service and identity theft prevention service
4. Preventive measures to avoid falling for voice phishing
1. Cases of voice phishing and summary of techniques (actual cases)
Statistically, the most common age group among voice phishing victims is in their 20s.
According to the statistics of the Daegu Metropolitan Police Agency, 51% were in their 20s, 17% were in their 60s, 16% were in their 50s, 6.7% were in their 40s, 1.7% were in their 30s, and 4% were in their 70s. The fact that it exceeded was somewhat surprising.
In addition, males account for 74.5% of all victims, and females account for 25.5% of all victims, as males account for an overwhelming majority of victims than females. Judging by statistical figures, it can be seen that males in their 20s are the most vulnerable to voice phishing.
Voice Phishing-Damage-Statistics
Voice phishing damage statistics
* Voice phishing methods
Text messages or KakaoTalk messages from unknown numbers because the family’s cell phone is broken (the screen is broken), requesting personal information such as micropayments and ID photos, inducing the installation of a specific app
A text message stating that it is possible to obtain a loan at a low interest rate by impersonating a famous commercial bank
Characters impersonating various government agencies (police, prosecutors, district offices, city hall, etc. public agencies) and financial institutions
After withdrawing cash by phone impersonating a government agency or financial institution, induce deposit to another place
Payment approval letter that has not been paid
If you take out a high-interest loan first and repay it, your credit rating goes up and you can get a low-interest loan.
This is the actual voice phishing text used
real-voice phishing-text
real voice phishing text
Requiring sensitive information such as accounts and passwords for employment reasons
Encourage clicks on links with text messages indicating that violations of traffic laws have occurred
* Actual voice phishing incident
1. Impersonating a prosecutor at the Seoul Central District Prosecutor’s Office, claiming that ‘his account was involved in a crime and should be investigated by an employee of the Financial Supervisory Service,’ and tricked the victim into giving him a loan, and then summoned the victim and swindled 170 million won in face-to-face on two occasions.
2. Impersonating a shopping mall counselor, after seeing the air purifier payment text message, the victim called the victim, saying, “I suspect fraud damage,” and instructed the police to apply instead, and another accomplice, impersonating a police officer, called the victim and said, “The situation of overseas fund leakage in the gambling case.” A case in which 70 million won was transferred and defrauded by asking for the OTP number after requesting ‘installation of a remote control app for financial investigation’
3. Suwon District Prosecutor’s Office pretended to be a prosecutor and created a cannon bankbook by identity theft, so in order to prove that there was no crime related, they induced to pay and send a gift certificate with the KakaoTalk app gift function, Google gift card and Happy Money gift certificate worth 1.15 million won cheating case
4. Impersonating a loan counselor of famous bank A, borrowing from bank B in the second financial sector and repaying it immediately will improve your credit rating, so you can get a loan from bank A at a low interest rate.
5. Impersonating an employee of a famous financial institution and receiving a face-to-face payment of 20 million won by deception, saying, ‘Corona government-sponsored policy funds can be refinanced at low interest rates, but part of the loan must be repaid first due to a breach of contract for the existing loan’
* Examples of voice phishing damage cases
Example of phishing with fake payment approval text
Example of phishing with fake-payment-approval text
Example of phishing with fake payment approval text
An example of impersonating a bank employee and phishing for a loan
Example of phishing-baiting-loan by impersonating-a bank-employee
An example of impersonating a bank employee and phishing for a loan
2. Damage suffered by voice phishing
If a malicious program is installed, the phone will not work. Or, even if you call, they will all be connected to phishing criminals.
All information on the mobile phone is exposed to phishing criminals (account numbers, passwords, all photos, contact information of acquaintances, etc.)
Fraudulent withdrawal of money from the account using the exposed account number and password
The victim’s personal information is used to open a cell phone -> open a credit card with the opened cell phone -> borrow a credit card with a credit card in the victim’s name to cheat.
Open a bankbook in the name of the victim and use it for the crime (If you use it as an account for depositing other victims’ voice phishing damages, there is a possibility of being involved as an accomplice in voice phishing)
Connect the malicious code installer to the text message or KakaoTalk message link that the victim is going to be tempted to -> Click the link, and micropayments continue to occur. (aka ‘Smishing’)
3. What to do immediately when you are victim of voice phishing, how to report and deal with it
You must call 112 without delay to report the damage and request suspension of payment. At this time, if your cell phone has already been infected with a malicious program, even if you call 112, you may be connected to a phishing criminal, not the police, so be careful. Reporting using someone else’s cell phone is one way.
Call the Financial Supervisory Service (1332 without an area code) to receive counseling and register your information in the Financial Supervisory Service Personal Information Exposure Accident Prevention System.
Financial Supervisory Service – Personal Information Exposure – Accident Prevention System
Financial Supervisory Service Personal Information Exposure Accident Prevention System
Financial Supervisory Service – Personal Information Exposure = Accident Prevention System
Go to Financial Supervisory Service Personal Information Exposure Accident Prevention System
If there are suspicious applications that you have not installed, delete them immediately. (In some cases, you may need to reset your phone. If you have important data, make a backup first)
Visit the police station and receive an ‘Incident Accident Confirmation Certificate’. (It must be issued within 3 days of requesting suspension of payment.)
In order to extend the payment policy, you must visit the bank that applied for suspension of payment and submit the issued ‘Incident Accident Fact Confirmation Certificate’.
Go to ‘Payinfo’, an integrated account information management service, and check whether an account or card has been opened that you do not know about.
Account information integrated management service – Payinfo
Account Information Integrated Management Service Payinfo
Payinfo – Shortcut
Go to Payinfo
Through the identity theft prevention service of the Korea Information and Communications Promotion Association, you can check whether your cell phone has been opened without your knowledge.
Identity theft-prevention service-homepage screen
Identity theft prevention service
Identity Theft Prevention Service – Homepage
Go to the identity theft prevention service website
Phishing-damage-main-contact
Key contact in case of phishing
4. Preventive measures to avoid falling for voice phishing
Voice phishing techniques are evolving day by day. New techniques not covered here today may appear again at any time. However, you need to be extra careful to avoid falling victim to even the current trend. We introduce ways to prevent it, so please check it out below.
Be especially careful when clicking links in texts and KakaoTalk with the [Web] mark at the top of the text. The [Web] mark is automatically displayed on text messages sent in bulk over the Internet. Normal non-voice phishing messages also show the [Web] mark, but voice phishing messages that are sent randomly in large quantities always show the [Web] mark, so we recommend that you be especially careful when pressing it and avoid pressing it as much as possible. Once infected with malicious code, the phishing criminal can access all information stored on the mobile phone, including all notes, all photos, and messages, and can remotely install programs necessary for hacking on the mobile phone infected with malicious code.
If you receive a phone call pretending to be an employee of a public institution, etc., after confirming the person’s position, department, place of work, etc., hang up first, and then find the phone number of the institution yourself and call to confirm the authenticity. In particular, be especially careful not to call the phone number provided by the phishing criminal at this time. Even the act of making a phone call can infect you with malware. (aka ‘farming’)
Just like text messages, e-mails impersonating public institutions may contain links to malicious code from phishing criminals, so be especially careful when clicking on them. Also, do not open e-mails or attachments from unknown sources and delete them.
Do not participate in indiscriminate Internet events such as sweepstakes. It can be a clue to handing over personal information to phishing criminals.
Be careful when leaving phone numbers and e-mail addresses on internet bulletin boards. (For example, there was a case where phishing criminals left their information on a job portal site, and then phishing criminals approached the victim with that information and used it as a voice phishing cash collection method to get in trouble.)
If you induce remittance through a message impersonating an acquaintance, be sure to check the authenticity of the phone call directly with that person. If you ask for a direct call, the phishers will say that you cannot make a call for one reason or another.
Be careful not to take a picture of your bank OTP security card and keep it on your smartphone.
PCs in public places such as PC rooms and libraries are vulnerable to security, so do not use them for online financial transactions.
Do not download and install executable files (*. apk files) with clear sources other than apps downloaded from authorized app markets such as Google Play, App Store, and Samsung Store on your smartphone.