"Click to Receive Money"... Disaster Relief Fund Smishing Alert

Published 04 May.2020 11:31(KST)

Emergency Disaster Relief Fund Smishing Scams on the Rise
Clicking URL Installs Malware
Government: "Official Messages Do Not Contain URLs"
Do Not Click Unknown Messages and Install Antivirus Software

"Click to Receive Money"... Disaster Relief Fund Smishing Alert

[Asia Economy Reporter Song Seung-yoon] As the government began distributing emergency disaster relief funds starting today (the 4th), smishing scams disguised as support fund notifications are expected to surge, requiring caution.

Smishing is a combination of SMS (Short Message Service) and phishing (hacking to steal personal information), a criminal method that sends text messages to hack others' mobile phones. It commonly impersonates delivery companies or online shopping malls, but recently, it often uses issues of high social interest to induce clicks.

Recently, smishing related to the government's emergency disaster relief funds has appeared. It involves sending a URL link along with a message such as "A gift certificate containing the emergency disaster relief fund has arrived, please check." During the early spread of COVID-19, smishing related to confirmed patient information was rampant, but as the emergency disaster relief fund distribution period approached, smishing quickly changed its form.

According to the Korea Internet & Security Agency (KISA), as of the 28th of last month, there were a total of 2,360 suspected COVID-19-related smishing reports filed with the agency. Among these, smishing cases related to the emergency disaster relief fund have already exceeded 130 in just over half a month last month. This is expected to become more rampant starting today, when the support fund distribution procedures actually begin. The government also warned the day before that official emergency disaster relief fund messages do not include URL links and urged special caution against smishing scams.

Smishing messages related to emergency disaster relief funds and COVID-19 (Photo by online community capture)

Clicking on a URL included in a smishing text message installs malicious code on the mobile phone. In this case, personal and financial information such as contacts, photos, and digital certificates stored on the phone are highly likely to fall into the hands of criminals. Small payments may be made without the user's knowledge. In the worst case, the phone could become a so-called "zombie phone." This happens when a malicious application is installed by falling for a smishing message. Then, criminals can remotely control the phone through the app. Even if calls are made to contacts stored on the phone, they can be redirected to criminals, which can cause significant damage if exploited for banking transactions.

To prevent smishing damage, it is best not to click on URLs in text messages from unknown sources. Even messages from acquaintances should be carefully checked if they contain URLs. Especially if an app installs automatically through a URL, installation should be stopped immediately. Setting restrictions on installing apps or documents from unknown sources can help prevent damage.

Hot Picks Today

"Rather Than Endure a 1.5 Million KRW Stipend, I'd Rather Earn 500 Million in the U.S." Top Talent from SNU and KAIST Are Leaving [Scientists Are Disappearing] ①

Professor Yeom Heung-yeol of the Department of Information Security at Soonchunhyang University advised, "Smishing methods change very quickly, and often it is difficult to confirm whether malicious programs have been installed, so continuous damage can occur. Prevention is best by regularly updating antivirus programs, and if infection by malicious apps is suspected, it is advisable to seek help from specialized institutions."

한글 기사 보기

This content was produced with the assistance of AI translation services.