Police warned the public after finding smishing and voice phishing cases that exploited consumer anxiety over the Coupang personal data leak. Smishing is a tactic that lures users to click a specific app or internet address to steal personal information and siphon off money.
The Korean National Police Agency's task force for telecom and financial fraud said on the 7th that new types of smishing and phishing scenarios exploiting the Coupang personal data leak are being reported one after another.
According to the new tactic described by the Korean National Police Agency, the scammer first approaches by saying, "A credit card was issued in your name." If the person says they did not apply for a credit card, the scammer adds, "Due to the Coupang-related personal data leak, a card you did not apply for may have been issued," and "You need to check with the customer service center."
At that point, the scammer provides a fake customer service phone number. If the victim calls that number, the scammer says, "We need to check for malicious app infection," and induces the installation of a remote-control app. Once installed, the scammer can manipulate the phone at will, steal personal information, and even take money.
In addition, schemes were found that induce users to click a specific link by claiming that delivery of items ordered in connection with the Coupang incident may be delayed or omitted.
The Korean National Police Agency said, "Do not click any messages or URLs (internet addresses) sent from unknown phone numbers and delete them immediately," adding, "Remember that government agencies or financial institutions do not ask you to install apps via phone calls or text messages."