The government has issued a consumer alert to preempt smishing scams related to the ‘Recovery Consumer Coupons’ application and distribution starting on the 21st.
On the 17th, the Financial Services Commission and the Financial Supervisory Service expressed concerns about smishing incidents where personal and financial information could be stolen through text messages impersonating coupon applications. They advised that no internet addresses (URLs) should be clicked within the messages. Official notification messages from the government, banks, and card companies regarding the Recovery Consumer Coupons do not include URLs.
Smishing is a combination of SMS and phishing, a method that steals personal information by inducing the installation of malicious apps. A similar format of smishing incidents occurred during past disaster support fund distributions.
If a URL in a message is clicked, it may lead to a phishing site or the installation of a malicious app, resulting in data breaches such as identity card and contact information leaks, remote control of the phone, and calls being intercepted and manipulated. The victim’s scale could increase because of features that tamper with caller IDs or intercept calls.
To prevent smishing damages, financial authorities have directed banks and card industries not to include URL links in their text messages and are strengthening preventive promotions through various channels, such as ATMs, branches, call centers, and websites. Additionally, the telephone numbers used in impersonating texts will be immediately disabled.
Consumers must avoid clicking URLs in text messages from unclear sources, stop immediately if sensitive personal information is requested, strengthen their mobile security settings, report suspicious messages, and request payment suspension if damage occurs.
If damage occurs, report it immediately to the relevant financial company or the Voice Phishing Integrated Report Response Center (dial 112) to request payment suspension, and use the Financial Consumer Information Portal ‘Fine’ accident prevention system advised by the Financial Supervisory Service if personal information leakage is suspected.
Blocking unpermitted account openings or unauthorized phone activations through the Msafer safe blocking service or identity theft prevention service is also a preventive measure.
A financial authority official emphasized, “The Recovery Consumer Coupon notification texts will never include URLs, and smishing attempts using such methods will be strictly blocked. The active caution and reports from citizens are the most effective methods to prevent damage from spreading.”
In line with the timing of the application and distribution of the Recovery Consumer Coupons, attempts to smish by impersonating government or card companies to prompt clicks on suspicious internet links disguised as instructions on coupon eligibility, amount, card use approval, and recharges are expected to occur frequently. In summary, the government and card companies do not send text messages with URLs or links for the online application of the Recovery Consumer Coupons to prevent damage. Therefore, one must be very careful to avoid damage by not clicking on internet URLs within text messages or making calls, and be sure to familiarize oneself with the precautions below.
1. Never click on messages with uncertain or suspicious internet URLs.
2. If you receive a suspicious message or suspect malware infection, report it to the Korea Internet & Security Agency’s 118 Center (☎118).