South Korea’s financial regulator has raised its consumer alert level following a series of phishing and smishing scams linked to the recent Coupang data breach, including cases in which victims lost up to $8,200.
The Financial Supervisory Service (FSS) said Tuesday that it had initially issued a “caution” alert on December 1 in response to the breach but elevated the warning to “alert” after reports of fraudulent activity and financial losses increased.
According to the FSS, scammers are exploiting consumer anxiety by impersonating government agencies such as the police, prosecutors, and the Fair Trade Commission. They contact victims under the guise of investigating the data breach or processing compensation claims, often directing them to phishing websites.
Once victims access these sites, scammers request personal information and encourage the installation of malicious apps or remote-control software. These apps allow fraudsters to manipulate phone numbers, access stored personal data, and track victims’ real-time locations.
The scams are highly sophisticated. In some cases, victims are instructed to transfer funds under the pretense of paying court fines or proving they were affected by the breach. One reported case involved a victim transferring money after being told that a “dummy account” had been opened in their name and that an asset verification was required.
To date, the FSS has received five reports suspected of being secondary losses from the Coupang breach, including one confirmed case in which a victim lost $8,200.
The regulator emphasized that any request from courts, police, postal offices, or other agencies asking users to visit websites or install apps is 100% phishing. Even apps downloaded from official stores should be rejected if prompted by third parties.
The FSS also recommended subscribing to the “Three-Step Financial Transaction Safety Service”, which provides added security for credit transactions, non-face-to-face account openings, and open banking services.
Going forward, the regulator said it would work closely with financial institutions and a government task force to block phishing schemes at their source and monitor responses by individual banks.
