Warning Issued Over "Naver Plus Payment Completed" Phishing Emails... Urgent Alert for Password Theft
Prompting Users to Enter Passwords Under the Pretense of Payment Verification
Phishing emails disguised as Naver Plus Membership payment notifications are being distributed with the intent to steal users' account passwords, and users are urged to be cautious.
Phishing email disguised as a Naver Plus Membership payment notification. Screenshot from Naver
According to the information and communications technology (ICT) industry on May 17, Naver announced that emails with the subject line "Membership Payment Completed," designed to closely resemble official Naver Plus Membership payment notifications, are currently being circulated.
If users click the "Go to My Membership" button in the body of the phishing email, they are redirected to a phishing site, where they are prompted to enter their password. Two versions of the phishing email have been discovered, differing in payment date and button color. This is characteristic of large-scale phishing email campaigns.
On the phishing site, the account ID appears to have been entered automatically, which minimizes user suspicion. The site is designed to closely resemble the actual Naver ID security settings page. Specifically, it is disguised as the "Password Reconfirmation" screen rather than the login screen, tricking users into re-entering their password even when they are already logged in. If the password is entered on this page, the information is sent to the attacker's server, not to Naver's server.
Both versions of the phishing email are formatted identically to genuine Naver Plus Membership notifications, including details such as product name, payment amount, and usage period. However, unlike legitimate payment notification emails, the phishing emails add the English "MemberShip" tag at the beginning of the subject line and use a sender email address from a domain other than "@navercorp.com".
Naver has advised that if users have already entered their account information on the phishing page, they should change their Naver account password as quickly as possible and change the passwords for all sites where the same ID and password are used. The company also instructed users to check whether an official icon is displayed in the email list and body if the email appears to have been sent by Naver, and to verify the full sender email address.
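The two differences described above (the English "MemberShip" tag at the start of the subject and a sender domain other than "@navercorp.com") can be checked automatically in a mail-triage script. The following is an added example, not code from Naver or from the article; the sample messages, their addresses and the assumption that the tag may be wrapped in brackets are constructed for illustration.

```python
import re
from email import message_from_string, policy

OFFICIAL_DOMAIN = "navercorp.com"              # sender domain named in the article
SUBJECT_TAG = re.compile(r"\W*MemberShip\b")   # assumption: tag may sit inside brackets

def sender(msg):
    """Return (display name, lower-cased domain) of the first From address."""
    hdr = msg["From"]
    if hdr is None or not hdr.addresses:
        return "", ""
    addr = hdr.addresses[0]
    return addr.display_name, addr.domain.lower()

def check_message(raw):
    """Return the indicators from the article that this raw message shows."""
    # policy.default decodes RFC 2047 encoded-words, so an encoded subject is still checked
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    if SUBJECT_TAG.match(str(msg.get("Subject", ""))):
        findings.append("subject-tag")
    display, domain = sender(msg)
    # Compare the full domain exactly: 'navercorp.com.example' must not pass
    if domain != OFFICIAL_DOMAIN:
        findings.append("sender-domain")
        if "naver" in display.lower():
            findings.append("display-name-mismatch")
    return findings

def build(from_hdr, subject):
    """Assemble a minimal constructed message for the demonstration."""
    return "\n".join([f"From: {from_hdr}", f"Subject: {subject}", "", "body"])

# Constructed samples: none of these addresses come from the article
LEGIT = build("Naver <notice@navercorp.com>", "Membership Payment Completed")
PHISH = build('"NAVER" <billing@mail.example>',
              "[MemberShip] Membership Payment Completed")
LOOKALIKE = build("Naver Pay <notice@navercorp.com.example>",
                  "=?utf-8?q?MemberShip_Payment_Completed?=")

if __name__ == "__main__":
    for name, raw in [("legit", LEGIT), ("phish", PHISH), ("lookalike", LOOKALIKE)]:
        print(name, check_message(raw))
```

A message that passes these checks is not thereby proven genuine, because the From header can be forged; treat the result as one signal alongside the receiving server's SPF, DKIM and DMARC verdicts.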
Meanwhile, as of May 8, it was confirmed that this phishing page was still in operation, so extra caution is required.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.