A Coupang member, a person surnamed Lee, received a call on the 5th from someone claiming to be a credit card delivery person, saying, "A Coupang-only credit card has been issued and must be received at your home." When Lee, who had no record of a card being issued, questioned this, the caller said, "Your identity may have been stolen because of Coupang," and instructed Lee to call a number starting with 1544 to make an inquiry.
When Lee called the number, a person claiming to be a customer service employee recited the last digits of Lee's account number and said the newly issued card had been set up so that charges would be withdrawn from the account. Lee sensed voice phishing because the actual account number was different and hung up. Lee said, "The card delivery person knew my name exactly, and the phone number also started with 010, so it was hard to be suspicious right away."
Attempts at financial crimes exploiting anxiety over the Coupang personal information leak are mounting. Since the vast majority of the public are Coupang members, voice phishing and smishing related to Coupang targeting the general public are expected to surge. Smishing is a portmanteau of short message service (SMS) and phishing, a tactic that induces the installation of malicious applications (apps) via text messages or steals personal information.
As of the 8th, according to the financial sector, suspected voice phishing reports related to Coupang are being filed with the Financial Supervisory Service and police. Numerous cases have also been reported of schemes that use the lure of a Coupang credit card issuance like the one Lee experienced. Many cases involved impersonating public institutions to say they needed to check whether personal information had been leaked, or inducing access to illegal URLs by saying they would provide compensation.
There are also schemes that, under the pretext that victim statements are needed for a Coupang investigation, demand receipt of an official document, and that claim delivery of items ordered from Coupang has been delayed or omitted and demand access to a website. All of them direct victims to fake websites and then induce fund transfers.
The Financial Supervisory Service (FSS) believes there is a high possibility that voice phishing rings will attempt Coupang-related voice phishing based on personal information they obtained in the past. A source at the financial authorities said, "When a massive personal information leak occurs, suspected voice phishing cases increase. There are cases where they create scenarios using Coupang to attempt voice phishing."
As of the 6th, among the suspected Coupang-related voice phishing reports filed with the Financial Supervisory Service (FSS), there have been no cases in which monetary damage occurred and an account payment suspension was requested. The FSS is checking to determine whether there has been secondary damage. On Dec. 18 last year, the FSS raised its consumer alert from caution to warning.