Warning Issued Over "Naver Plus Payment Completed" Phishing Emails...Urgent Alert for Password Theft
Prompting Users to Enter Passwords Under the Pretense of Payment Verification
There is a need for caution as phishing emails disguised as Naver Plus Membership payment notifications are being distributed with the intent to steal users' account passwords.
Phishing email disguised as a Naver Plus Membership payment notification. Screenshot from Naver
View original imageAccording to the information and communications technology (ICT) industry on May 17, Naver announced that emails with the subject line "Membership Payment Completed," designed to closely resemble official Naver Plus Membership payment notifications, are currently being circulated.
If users click the "Go to My Membership" button in the body of the phishing email, they are redirected to a phishing site, where they are prompted to enter their password. Two versions of the phishing email have been discovered, differing in payment date and button color. This is characteristic of large-scale phishing email campaigns.
When accessing the phishing site, it appears as though the account ID has been automatically entered, minimizing user suspicion. The phishing site is designed to closely resemble the actual Naver ID security settings page, and specifically, it is disguised as the "Password Reconfirmation" screen rather than the login screen, tricking users into re-entering their password even when they are already logged in. If the password is entered on this page, the information is sent to the attacker's server, not to Naver's server.
Both versions of the phishing email are formatted identically to genuine Naver Plus Membership notifications, including details such as product name, payment amount, and usage period. However, unlike legitimate payment notification emails, the phishing emails add the English "MemberShip" tag at the beginning of the subject line and use a sender email address from a domain other than "@navercorp.com".
Naver has advised that if users have already entered their account information on the phishing page, they should change their Naver account password as quickly as possible and change the passwords for all sites where the same ID and password are used. The company also instructed users to check whether an official icon is displayed in the email list and body if the email appears to have been sent by Naver, and to verify the full sender email address.
Hot Picks Today
If They Fail Next Year, Bonus Drops to 97 Million Won... A Closer Look at Samsung Electronics DS Division’s 600M vs 460M vs 160M Performance Bonuses
- Opening a Bank Account in Korea Is Too Difficult..."Over 150,000 Won in Notarization Fees Just for a Child's Account and Debit Card" [Foreigner K-Finance Status]②
- Less Than a Year Later... Eunma Apartment Reconstruction Payments Surge by 300 Million Won
- "Manhole Cover Blasts Open in 12 Seconds... The Reason Behind the 'Gangnam Flood Disaster' [Report]"
- "Who Is Visiting Japan These Days?" The Once-Crowded Tourist Spots Empty Out... What's Happening?
Meanwhile, as of May 8, it was confirmed that this phishing page was still in operation, so extra caution is required.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
!['WHO Declares International Public Health Emergency' Why the Untreatable 'Variant Ebola' Is More Deadly Than COVID-19 [Reading Science]](https://cwcontent.asiae.co.kr/asiaresize/307/2026052110164072055_1779326201.png)
!["Please Help Us": How Much Do Those Bowing 90 Degrees These Days Actually Earn? [Data Pick]](https://cwcontent.asiae.co.kr/asiaresize/307/2026052010120870131_1779239528.png)
