Check Fraudulent QR 'Qusing' via Bohoonara KakaoTalk Channel
Malicious App Installation Under the Pretext of Video Interview... New Types Increasing
Strengthened Response Including Public Institution Text Message Safety Mark Attachment
The Korea Internet & Security Agency (KISA) will provide a service from this month that can detect a new type of phishing method called 'QR code phishing (Qusing).' In May, KISA established the National Victim Response Team to actively respond to the increasingly diverse phishing crime methods, such as impersonating interviewers and luring victims into SNS chat rooms.
On the 1st, KISA's National Victim Response Team announced that to prevent QR code phishing, it will add a 'Qusing verification service' this month to the existing Smishing (phishing via text messages) verification service on the KakaoTalk 'Safe Nation' channel. By selecting the 'QR Code' menu and photographing a suspicious QR code, KISA will determine whether it is malicious and inform the user of the result. The average time for analysis is 10 minutes. The National Victim Response Team was newly organized in May to effectively respond to phishing crimes.
Qusing is a new phishing method where QR code stickers are attached in specific locations, and when scanned with a smartphone, they lead to the installation of malicious apps or phishing sites to steal personal information. For example, stickers are placed on personal mobility (PM) rental facilities such as bicycles and electric kickboards to induce criminal damage.
The smishing method is becoming increasingly sophisticated. For instance, job seeker A received a text message stating that they had passed the document screening. Then, an impersonated HR representative sent A a URL and encouraged the installation of an app (malicious app) for a video interview. The representative also explained internal company regulations and requested a copy of A’s resident registration card to pay the interview fee. Later, A discovered that a mobile phone had been opened under their name and that deposits were withdrawn and non-face-to-face loans were made.
As the methods diversify, the cumulative number of users and usage of the 'Smishing Verification Service' provided by KISA continues to increase steadily. Since the service launch on March 29, the number of users rose from 54,593 in April to 141,108 in October, and clicks increased from 88,713 to 240,116 during the same period.
The means to recognize phishing risks will also be expanded. A service that attaches a safety mark to messages sent by national and public institutions will be introduced to more than 280 institutions this year. Seok Ji-hee, head of KISA’s Voice Phishing Response Team, stated, “Currently, the safety mark is included as an image, but we plan to change it to a ‘Safety Mark Plus’ with dynamic effects to emphasize it further, in cooperation with Samsung Electronics.”
Additionally, starting next year, a service will be introduced that sends notification messages to victims in advance when large-scale internet messages are sent using stolen mobile phone numbers. Systems to block fraudulent messages and calls from the sending stage are also being strengthened. Previously, only one line (account) confirmed to be manipulated was suspended, but next year, up to five lines derived under one name (including phone number changes and two-number services) will be blocked.
Lee Dong-yeon, head of KISA’s National Victim Response Team, said, “Phishing crimes are evolving their methods to bypass responses from institutions and ministries. We will respond by considering various approaches such as blocking at the sending stage and notification services within SNS and messengers.”
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
