Bithumb and Coinone Also Impersonated... 'Phishing Alert' Amid Cryptocurrency Boom

Fake website impersonating the legitimate cryptocurrency exchange 'Bithumb' website

[Asia Economy Reporter Cha Min-young] Cryptocurrency investor Mr. A recently received a text message containing the following: "Login detected from overseas IP-102.218.216.188. If this is not you, please block overseas IPs. www.OOOOOOOs.info." Being meticulous by nature, Mr. A was suspicious of the site domain ending with .info and did not access it. It turned out to be a phishing spam message impersonating a cryptocurrency exchange.

Amid the recent surge in cryptocurrency investment enthusiasm, there has been a sharp increase in text messages inducing access to fake sites impersonating cryptocurrency exchanges. This method tricks users into visiting fraudulent websites to steal personal IDs and passwords. The government plans to strengthen cooperation with police authorities to respond to hacking and other information and communication network intrusion crimes related to virtual assets, as well as to enhance a 24-hour monitoring system for virtual asset-related activities.

According to the Ministry of Science and ICT and the National Police Agency on the 9th, cyber intrusion monitoring results show that 32 cryptocurrency-related phishing sites were detected in the past three months. This is a significant increase compared to 41 cases throughout last year (January to December). The government expects the number of phishing sites to continue rising.

The National Police Agency’s Cybercrime Investigation Units in provincial police agencies and police station cyber teams have also made actual arrests. From March 1 to May 4, there were 114 cases of information and communication network intrusion crimes, with 147 people arrested. Five were detained. As of the 4th, 21 cases are still under investigation.

Earlier, the Ministry of Science and ICT strengthened the 24-hour monitoring system through the Korea Internet & Security Agency’s Internet Response Center and cooperated with related organizations to block and respond to cyber threats such as cryptocurrency-related phishing sites. Since March, the National Police Agency has mobilized specialized personnel from cybercrime investigation units nationwide to conduct special crackdowns on all information and communication network intrusion crimes. Based on this, they are cracking down on unauthorized access to personal accounts to steal cryptocurrency and the creation and distribution of malicious programs targeting cryptocurrency.

Users are also urged to be cautious. Personal information and financial data can be leaked or malicious programs installed on mobile phones through messenger scams (messenger phishing), SMS payment scams (smishing), and fake sites (electronic financial fraud sites), which may lead to hacking of cryptocurrency-related accounts.

Messenger scams (messenger phishing) involve impersonating family or acquaintances on SNS platforms like KakaoTalk to request victims’ personal and financial information or sending URLs that induce installation of malicious programs to steal cryptocurrency account information.

SMS payment scams (smishing) send text messages claiming abnormal login activity and include URLs that lure victims to fake cryptocurrency exchange sites.

Fake sites (electronic financial fraud sites) craft URLs similar to legitimate sites to deceive victims into entering their account IDs, passwords, and one-time password (OTP) authentication codes. For example, a legitimate site might be www.ABC.co.kr, while the fake site is www.ABC.info, differing only in the domain address.

Practical measures to prevent cryptocurrency-related fraud include: ▲ not clicking on or immediately deleting URLs from unknown sources received via SNS like KakaoTalk or text messages ▲ verifying whether suspicious site addresses match legitimate sites ▲ regularly changing passwords for cryptocurrency exchanges ▲ strengthening mobile phone security settings to prevent installation of unknown apps.

If cryptocurrency exchange accounts or passwords are exposed, it is advisable to promptly block withdrawals from the exchange and reset passwords. If infection by malicious apps is suspected, report to the '118 Cyber Helper' operated by KISA under the Ministry of Science and ICT. Free 24-hour consultations are available on removing malware (apps), and if damage occurs and investigation is requested, reports can be filed through the Cybercrime Reporting System (ECRM) or the National Police Agency website.

A government official stated, "When receiving SNS or text messages containing suspicious URLs, it is necessary to double-check, and if victimized, promptly report to the police through the cybercrime reporting system." They added, "If you receive text messages inducing access to phishing or fake sites, please report immediately by calling 118 without an area code."

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.