New scam uses code to steal cash over Web
On July 31, a 37-year-old real estate agent surnamed Yoo logged onto an Internet banking page with his computer to wire some money to a client. When he entered his password, the page suddenly went blank. He immediately checked his balance in a new window, and it was fine. He decided to use another account to get the job done, thinking the site was just experiencing technical problems.
But two days later, he found that a total of 20.8 million won ($18,520) had been taken from his account in seven separate withdrawals during the early hours of the morning.
Yoo had been bitten by a new type of scam that police are calling “memory hacking.” It uses indiscriminately distributed malicious code that can tell when you’re on a bank site.
“The malware is distributed to computers when a person downloads movies, or sometimes via e-mails,” said Jeong Gi-young, director of the IT security division at the Financial Supervisory Service. “Then that malicious code is activated when a person logs onto a bank Web site.”
On July 30, a 44-year-old merchant surnamed Bong logged onto his bank’s site and wired 2 million won. Unlike Yoo, he had no trouble sending the money, but there was one strange step he hadn’t had to do before. A pop-up window appeared on the screen and asked him to reenter his password. He felt a little strange about it, but did what he was asked, thinking the bank might have strengthened its security system.
At 1:54 a.m., Bong was woken up by the sound of a text message coming in. In a flash, he was wide awake as he read the message: “A total of 36 million won has been wired to MG Community Credit Cooperatives.” He immediately reported the incident to the bank and the police, but the money had already been withdrawn from six different ATMs.
According to the National Police Agency (NPA), this new type of bank fraud was first detected in June. A total of 61 cases were reported that month with damages of 240 million won. In July, there were 27 more cases, but the amount jumped to 310 million won. The NPA issued a memory hacking alert on July 3 and a bank fraud warning yesterday.
The first iteration of this type of scam was found in the United States in 2003. In those cases, con artists disguised themselves as an Internet service provider and collected credit card and bank account information via e-mail.
The next model was voice phishing, where people are tricked into transferring money with phone calls. It has been widely used in Asian countries such as Korea, Japan, China and Taiwan since 2006.
As the government strengthened crackdowns, new scams called “messenger phishing” and “pharming” appeared. After that, it was “SMishing,” which uses short messaging services.
The number of voice phishing cases has gradually decreased; 8,244 cases were reported in 2011 but only 5,709 last year. New scams like pharming have been on the rise, with 1,263 cases reported in the last seven months.
“It is hard to trace those criminals as they usually operate such scams overseas, in places like China,” said officer Lee Min-soo of NPA’s economic crime department.
BY MIN KYUNG-WON AND KWON SANG-SOO