"We are guiding you to recover 150 million won from the coin exchange. Please access the URL (internet site address) below."
Phishing (fraud) crimes exploiting Bithumb, the No. 2 virtual asset exchange in Korea, and its 62 trillion won "Bitcoin mispayment" incident are rampant. Taking advantage of users' growing anxiety over news that a large sum was mispaid, text messages and calls impersonating the exchange and investigative agencies are coming one after another.
◇Typical phishing crimes that induce URL clicks
According to police and others on the 11th, the most common recent method is to impersonate Bithumb and send a text message saying "Check whether you are eligible for compensation," inducing a URL click. Opening the link either leads to the installation of a malicious application or prompts the user to enter personal information such as an ID and password, a typical smishing (text message fraud) method.
Others approach victims by claiming they are "involved in a crime due to the mispayment incident," impersonating prosecutors, police, or Financial Supervisory Service employees. Cases have been confirmed in which the callers demand personal information or instruct victims to transfer cash or virtual assets to a specific account, saying they "need to protect your assets."
KB Kookmin Bank earlier also sent text messages to customers urging caution. KB Kookmin Bank said, "There are concerns about various smishing and phishing attempts exploiting the Bithumb Bitcoin mispayment incident," adding, "Extra caution is needed."
Around 7 p.m. on the 6th, Bithumb paid 620,000 bitcoins to 249 winners of an event. Winners should have received 2,000–50,000 won each, but the incident occurred when "won" was mistakenly entered as "bitcoin." About 35 minutes later, Bithumb canceled payment of 618,212 bitcoins (99.7%), but 1,788 bitcoins had been transacted in the meantime.
◇Phishing shifts with timing, such as "parcel delivery," ahead of the holidays
Phishing crimes tend to change their content to fit social issues or seasonal factors. Ahead of the Lunar New Year holiday, typical cases induce clicks with phrases such as "[OO Courier] Lunar New Year gift shipment, please check" and "Missed delivery being held." During periods when government subsidies are paid, texts impersonating public agencies also surge.
In the spring peak wedding season, "wedding invitation disguise" phishing is rampant. According to AhnLab, the most common phishing text type in the second quarter of last year was also the impersonated wedding invitation. During the year-end tax settlement season, there are frequent cases of impersonating the National Tax Service to induce installation of malicious apps under the pretext of a "refund inquiry" or "document submission."
A police official said, "When a major incident occurs in society, phishing crimes that exploit it to provoke anxiety increase," adding, "If you receive a suspicious contact, hang up immediately and check directly with the financial institution's official channel or the nearest police station, which is safer."
Financial authorities and investigative agencies are repeatedly stressing the following: ▲ hang up immediately on calls impersonating investigative agencies ▲ unconditionally refuse requests for remittances ▲ do not click URLs from unknown sources ▲ refuse instructions to install or delete specific apps.
They also recommend signing up for the "Safe Block Service." To prevent identity theft, this system blocks non-face-to-face account openings, unsecured loans, card loans, and other financial transactions across the entire financial sector. You can apply by visiting a branch of your financial institution, or through the Korea Financial Telecommunications and Clearings Institute's "Account Info" app and each bank's mobile banking.