Phishers Victimize Reputable Korean Financial Institutions

On January 21, 2007 there was report of a new type of phishing fraud targeting Koreans. phishing refers to scams where users fall for fraudulent websites that resemble those of reputable companies like banks or shopping malls. The sites trick the Internet users to divulge their financial information so the phishers can pilfer their money.

The Korean Information Security Agency (KISA) said they discovered a new genre of phishing attacks through a Taiwan-based site on the third week of January 2007. There occurred a theft of more than 4,000 certificates of online banking users from Korea's most reputed lender, Kookmin Bank and Nonghyup or the National Agricultural Cooperative Federation.

This is the first phishing attempt where imposters have disguised as Korean financial institutions. The leading computer security firm AhnLab of Korea offers free vaccine software on its website to detect computers with phishing programs and to delete those programs.

KISA in cooperation with the police took quick measures so there was no report of financial damages. The agency identified Taiwan as the base for the servers of these fake sites. The phishers could have used the stolen information for diverse Internet scams, it said.

Although there was a theft of thousands of online certificates, which cannot be used to withdraw or transfer money automatically, KISA has not yet received monetary theft reports. These certificates are operable only with passwords. Therefore KISA thinks phishers have not been able to snatch money just by accessing the certificates, said Kim, an official at the state-affiliate KISA to Korean Times that published in news, January 21 2007.

According to experts the latest phishing attack used a hacking program that aggressively changes Internet addresses saved on individual PCs, so that even after typing the original web address, users are taken to the fraudulent sites.

Kim said the incident should act as an alert for Korean banks and its customers as, such phishing troubles can arise any time. Kim urges online banking users to check their PCs. It is also important for them to be more vigilant by updating their browsers with security patches and running anti-virus software periodically.

Related article: Phishers Expand Their Sphere of Attacks

» SPAMfighter News - 1/24/2007