SMS phishing targets victims of credit card leaksLast month, when the prosecutor’s office announced that the personal information of more than 100 million account holders across three major credit card companies had been leaked in one of the most massive security breaches in history, nationwide panic set in.
But for those behind the scams, particularly those involved in SMS phishing, this systematic uncertainty provided a host of new opportunities.
In phishing scams, violators use technology to masquerade themselves as trustworthy entities, such as banks, baiting their victims with a message and then providing them the “hook,” usually or link or a website. In SMS phishing, the scam is carried out via text messaging services.
On Jan. 19, just 10 days after the prosecutor’s announcement, millions of vulnerable customers received dubious text messages containing suspicious links.
“To check if your personal information from KB Kookmin, NH or Lotte Card was leaked, click here: www.XX.gl/wj,” one message read.
Targets who clicked the link would later find that malicious codes had been installed on their cell phones, with their passwords for banking certificates and cell phone records having been compromised.
After the report, the police immediately blocked the IP address where the texts originated. Still, within two days, another SMS message began to circulate. This time it contained a message reading, “Click to check your changed credit information.”
Authorities blocked this one as well, but to no avail. The next day, another read, “Check your credit card payment records.”
SMS phishing, or smishing, has the benefit of being able to fit in to rapidly changing social trends. And just three weeks after the personal information leak, four different types of smishing ploys delivered enormous and widespread damage.
In analyzing the characteristics of smishing crimes that occurred from September 2012 to January 2014, the Cyber Terror Response Center of the Korean National Police Agency revealed that different “bait” prevailed during certain times.
Perhaps unsurprisingly, smishing ruses in January capitalized on personal information leaks, according to police data.
September 2012, when there were no particular ploys, saw the least number of smishing messages, with just 53 recorded cases. August saw the most, with 5,805 smishing cases.
“Controlling or preventing smishing scams is difficult because anticipating the types of text messages that will be popular is impossible,” a police official said.
BY CHUNG KANG-HYUN [email@example.com]