Smishing tactics are evolving by the day. (Image courtesy of Yonhap)
SEOUL, Dec. 18 (Korea Bizwire) — South Korea’s financial regulator on Thursday raised its consumer alert level to “warning” after confirming secondary damages—including voice phishing and smishing—linked to last month’s massive personal data leak at e-commerce giant Coupang.
The Financial Supervisory Service (FSS) said the escalation follows a rise in reported fraud attempts exploiting public anxiety over the breach, which exposed information from 33.7 million accounts. The regulator had issued a lower-level “caution” alert on Dec. 1 but upgraded it after verifying new financial scam cases.
According to the FSS, scammers are increasingly impersonating government agencies—including prosecutors, police and the Fair Trade Commission—claiming to be conducting follow-up investigations into the Coupang leak.
Under the guise of checking for identity theft or verifying “internet registry records,” they direct victims to phishing websites and prompt them to install malicious or remote-control apps.
Once installed, these apps allow scammers to manipulate caller IDs, steal personal data stored on phones, and even track victims’ real-time locations. Some victims, convinced by elaborate scripts, transferred money under pretexts such as “depositing court fees for summary indictments.”
A surge in phishing fears (Image supported by ChatGPT)
One reported case involved a scammer falsely claiming that a bank account had been fraudulently opened using the victim’s stolen Coupang information, and that “asset verification” was needed to prevent legal consequences. The victim transferred 11 million won (US$8,000), resulting in confirmed financial loss.
Five suspected secondary-damage cases have been filed with the FSS so far.
The regulator urged the public to treat any link-clicking or app-installation requests—from courts, police, postal officials, or any other institution—as guaranteed fraud.
“If anyone asks you to install an app or access a specific link for reasons such as court notices, case verification or returned registry documents, it is 100 percent voice phishing,” the agency said, advising consumers to reject all third-party app installations, even if they appear to come from official app stores.
The FSS also encouraged users to enroll in its three-step financial protection services—covering loan transactions, non-face-to-face account openings and open banking—to prevent unauthorized activity.
Working with the banking sector and a government-wide task force, the regulator said it will strengthen measures to stem phishing tactics at their source and closely inspect financial institutions’ response systems.
Ashley Song (ashley@koreabizwire.com)
