Inside the intricate world of voice phishing

Let’s say you urgently need a little over a million won in cash. A friend or relative transfers the money to your bank account and alerts you of the fact. You go to an ATM, but the newly transferred money cannot be withdrawn. It will not be available to you for 30 minutes.

That has been the case since 2015. The automatic withdrawal delay was instituted among all banks as a way of combating criminal phone fraud, better known as voice phishing. The idea is that a victim of voice phishing often panics and transfers money to swindlers without thinking. If that money is frozen for 30 minutes, it gives the victim time to calm down, alert authorities to the scam - and possibly save their money.

The idea came from Lee Gi-dong, head of the Korea Financial Crime Research Center, a private institute dedicated to combating voice phishing. He admits it’s not a fundamental solution to voice phishing, but many victims have been afforded the “golden time” of 30 minutes to report the crime to authorities and get back their money.

Voice phishing remains a scourge in Korea.

Lee Gi-dong

In the first 10 months of last year, a total of 334 billion won ($300.3 million) was swindled from people by voice phishers. The total damage in 2017 was 243.1 billion won and in 2016 was 192.4 billion won. The number of bank accounts used by voice phishers was 46,000 in 2016, which dropped to 45,000 in 2017, only to rise to 47,000 in 2018.

The Korea Financial Crime Research Center’s Lee didn’t come up with his partial solution by accident. Before dedicating himself to preventing financial crimes, he was deeply involved in committing them.

Lee is a veteran voice phisher.

Lee’s involvement in voice phishing began when one of his friends asked to “borrow his bank account” in return for a payment of 500,000 won. “After receiving the promised money, I opened 50 bank accounts, all under my name, and handed them over. I earned 25 million won at once,” Lee recalls.

After making that easy cash, Lee ascended one rung in the voice phishing ladder: he began recruiting other people to open bank accounts who could be used by the scam artists.

“For these organizations, bank accounts opened in other people’s names are their bread and butter,” says Lee - they can’t do business without them. “Back in the day, I was the largest bank account recruiter in Korea.”

He posted pop-up ads on the internet to recruit people willing to hand over bank accounts in their names in exchange for cash. College students, housewives - volunteers from all walks of life answered the ads. Lee promised them 500,000 won to 800,000 won in cash in exchange for their bank accounts. He would receive 1 million won to 1.2 million won per bank account when he handed over the bank books to a voice phishing manager. The bank books were sent to him by courier from various regions of the country.

Top: A voice phishing ring member withdraws cash from an ATM in Jungnang District, eastern Seoul. Above: Police show items confiscated from a voice phishing ring. [POLICE]

Then the bank accounts were forwarded to voice phishing call centers, which are usually located outside of Korea but not too far: China, the Philippines, Cambodia or Vietnam.

Large voice phishing organizations rent entire buildings to use as cell centers. Operators work, eat and sleep under the careful surveillance of members of the organization. Typically four people work together: three voice phishers on the phones and one more senior member of the organization managing them.

The call centers used to use Chinese citizens fluent in Korean as operators. But their Korean proficiency wasn’t good enough, so the organizations switched to jobless Koreans in their late teens or early twenties lured abroad with the promise of making a large sum of money in a short period of time.

The centers also use hackers to troll people’s social media accounts to mine private information that can be used in the scam. They also get information on victims’ friends and family, who can also be swindled.

The average member of the public has become more aware of voice phishing than in the past - and the swindlers realize that. They now have a diabolically clever way of disarming potential victims. Call center operators - the voice phishers themselves - are now divided in two groups. The first group contacts a victim pretending to be a relative or associate asking for money to be transferred - the classic voice phishing scheme. Once the first call ends, however, the swindlers presume the victim will make a call to the authorities to ensure everything is true. That is when the second group goes into action. The swindlers have already infiltrated the victim’s phones through hacking. They are able to reroute a victim’s call to their own call center and the second group of operators pretends to be the police or the bank involved. They assure the victim the transfer should be made.

There’s a common perception victims of phone fraud are usually senior citizens. But according to the Financial Supervisory Service (FSS), over half of the money swindled by phone fraud comes from people in their 40s or 50s.

Lee was an active participant in the voice phishing criminal ring from 2004 to 2008 He was arrested by prosecutors in 2008 on charges of violating electronic financial transactions law and was sent to prison for two years and six months.

After being arrested, Lee became aware of the tragic consequences of voice phishing crimes. “I didn’t know that so many people killed themselves after being swindled,” Lee says. “It really made me deeply regret my past.”

His change of heart was also due to his mother, who had been anguished when he was arrested and sent to prison. She persuaded him to “start a new life.”

Lee decided to dedicate himself to preventing online scams and voice phishing crimes.

“I wanted people to prepare themselves in advance to guard against being swindled,” he says, “so I wrote about the techniques that I used when I used to scam people.” His 2014 book “Voice Phishing and Borrowed Bank Account - Uncovered” describes in detail the ways voice phishing are done.

He was soon being called by media outlets. In 2015, he started the Korea Financial Crime Research Center.

“Related authorities should work to sever all links that voice phishing organizations use to collect falsified bank accounts,” says Lee. “We have to strengthen the punishment that is given to people who surrender their bank accounts for money as well.”

But Lee admits that never have the call center operators or their flunkies working in Korea ever come into direct contact with any head of a voice phishing organization. The only arrests have been low level managers or phone operators.

The big fish of voice phishing swim on.

BY KOH SUNG-PYO, LEE HAE-SUN [jeong.juwon@joongang.co.kr]