2022.11.21

How to Avoid Financial Fraud in Korea (II)

1. What are the types of “Messenger Phishing”?

  • Messenger phishing, or smishing (a combination of “SMS” and “phishing”), can be carried out by hacking other people’s online messenger accounts, such as KakaoTalk, and sending messages to the victims’ family members or friends asking them to urgently send money for medical expenses, a traffic accident settlement, etc. The scammers induce people to send the money to an account held in another person’s name.
     
  • False emergency notification text messages are sent to the victims, pretending to come from a financial institution or a government agency or authority, such as the police, the prosecutor’s office, or an employee of the Korea Immigration Service.
     
    • There are cases in which scammers impersonate an employee of the Korea Immigration Service and send messages stating that the receiver has been prohibited from leaving the country.
       
    • Note that the Korea Immigration Service never uses international phone numbers when contacting people, nor does it give notice of a travel ban by message; notice of the ban is sent by postal mail.
       
    • Once the victims share their personal information, especially financial information, the scammers use that information to take out loans in the victims’ names and transfer the money to stolen accounts that they are using.
       

2. How can we avoid falling victim to Messenger Phishing?

  • If you receive a text message from someone posing as a friend or family member that asks you to send money and says they cannot be contacted because of a lost or broken cell phone, first call the person to check that the sender is actually who he or she claims to be.
     
  • Never send a copy of your ID card or share your personal information via text message or on a suspicious website that you were sent in a message.
     
  • If you receive a text message about a payment (for example, a credit card payment) or a transaction you did not make, call your bank directly, not the number in the message.
     

3. What are the differences between phishing and pharming?

  • Pharming uses a more advanced technique to steal people’s credentials. Cybercriminals install malicious code, or lure users into installing it, on the user’s device or on a server, and that code discreetly redirects users to fraudulent websites. These fake websites may look legitimate, but every piece of information users enter on them will be stolen by the scammers.
     
  • Phishing uses bait such as fake links, while pharming manipulates the DNS (Domain Name System) server to redirect users to a simulated website. Once the hacker launches a successful DNS attack in pharming, the attack diverts the fundamental flow of traffic to the website.
     
  • Pharming uses techniques like DNS hijacking, DNS cache poisoning, and DNS spoofing, while phishing uses smishing, message phishing, or voice phishing (vishing).
     
  • Pharming is trickier than phishing since it launches an attack at the DNS level, making it difficult to spot. However, phishing remains the top social engineering scam that lures victims into submitting confidential information.
     

4. How can we avoid falling victim to pharming?

  • Always use a trusted and verified Internet Service Provider (ISP)
  • Use a VPN service that has reputable DNS servers
  • Always enable two-factor authentication on sites when you have the option to do so
  • Avoid suspicious websites
  • Make sure to change the default password on your consumer-grade routers and wireless access points
  • Always be extra careful when opening links or attachments or installing programs or applications from unknown or suspicious sources
  • Use security software
  • Make sure that your web connections are secure (for instance, the web address should have HTTPS)
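
One check a user or administrator can run against the on-device redirection described in section 3, given here as an added example that is not part of the original article: it scans a hosts file for entries that pin a watched banking domain to a fixed address. It assumes the redirection takes the form of hosts-file entries, which the article does not specify; the sample file, the domain names and the `WATCHED` list are constructed for illustration.

```python
import ipaddress

# Constructed sample of a tampered hosts file (not taken from the article).
SAMPLE_HOSTS = """\
# localhost entries
127.0.0.1   localhost
::1         localhost
203.0.113.45  www.examplebank.co.kr examplebank.co.kr   # injected line
0.0.0.0     ads.tracker.example
192.0.2.10  intranet.local
bad-line-without-address
"""

# Hypothetical list of sites the user logs in to; replace with your own.
WATCHED = {"examplebank.co.kr", "login.examplepay.com"}


def parse_hosts(text):
    """Yield (line_no, ip, hostnames) for each well-formed hosts entry."""
    for no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue  # blank, comment-only or malformed line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        yield no, ip, [h.lower().rstrip(".") for h in fields[1:]]


def is_watched(host, watched):
    """True if host is a watched domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in watched)


def find_overrides(text, watched):
    """Return (line_no, host, ip) for every entry overriding a watched name.

    A login site should normally resolve through DNS, so any hosts entry
    for it is reported, whatever address it points to.
    """
    return [(no, host, str(ip))
            for no, ip, hosts in parse_hosts(text)
            for host in hosts if is_watched(host, watched)]


if __name__ == "__main__":
    for no, host, ip in find_overrides(SAMPLE_HOSTS, WATCHED):
        print(f"line {no}: {host} is forced to {ip}; remove it unless you added it")
```

On a real machine, pass the contents of the system hosts file instead of `SAMPLE_HOSTS`. A clean result does not rule out poisoning at the router or DNS server level, which this check cannot see.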