With signs that hackers cleverly built phishing pages on some online shopping malls to steal card information recently confirmed, consumers are urged to be cautious.
The Financial Supervisory Service said on the 5th it issued a consumer alert at the "caution" level to reduce losses from fraudulent card use. The move came after the Financial Security Institute recently identified signs that credit card information was stolen from some domestic online shopping malls through hacking and phishing attacks and notified the Financial Supervisory Service.
As of the 29th of last month, a total of 5,707 cases were tallied as stolen by a professional attack group that steals card information. The crime was carried out by building, through hacking and other means, a phishing page that closely resembles the actual payment screen during the card payment process at some domestic online shopping malls with weak security.
It should be noted that phishing pages are designed to make it appear necessary to enter personal information such as card details, passwords, and resident registration numbers for payment, and they excessively collect personal information that is not required in a normal payment process. After stealing card information, they displayed an alert such as "payment error," then reloaded the normal payment page to prompt reentry of payment information; because a normal payment would be completed, this exploited the fact that consumers would find it difficult to recognize the phishing page.
The Financial Supervisory Service said the stolen information is highly likely to be used for unauthorized payments, and it is concerned about the illegal distribution of member personal information and additional harm. Accordingly, the Financial Supervisory Service advised, "If an online shopping mall requires you to enter excessive information such as a resident registration number or the full set of digits of a card password when paying by card, you should be suspicious and refuse."
This is because, in a normal payment process, there is no case where you are required to enter all the digits of a resident registration number or all four digits of a card password. If you suspect card information phishing after online shopping, it advised applying immediately to your card company to suspend the card, reissue it, and change the password to prevent further damage.
If the leaked password is reused on other sites, it should be changed to prevent additional harm. It also said to report immediately to the police if additional damage from information leakage is suspected. In cases of fraudulent card use using information stolen by illicit methods such as hacking, if the consumer has no intent or gross negligence, compensation can be obtained from the card company.