Phishers Eye Korean Customers

Co-author: Avdhoot Patil

Phishers have enveloped the globe mimicking brands across a variety of industries and using many languages. From April 2012, phishing attacks in Korean gained momentum, comprising of 0.5 percent of all non-English phishing sites. The increase was in particular targeting banks based in South Korea. The primary motive in these attacks is financial gain, as it is in most phishing attacks. Let’s explore some of the phishing sites we have observed.

In the first example, the phishing site asked for the customer’s name, social security number, cell phone number, account number, account password, and transfer password. After the information was entered, the customer was redirected to a page that asked for the security card serial number. The phishing site then redirected back to the legitimate site.

Figure 1. Phishing site asks for customer details


Figure 2. Phishing site directed to a page that asked for the security card serial number


In another phishing site, the customer was asked for their name and social security number. Customers were asked to accept the user agreement before entering their confidential information. Upon entering the required information, customers were redirected to a page that prompted them for further details. Here, the social security number previously entered was auto-populated. The other details required included debit account number, withdrawal account password, transfer password, security card serial number, and security card password. The phishing sites were hosted on servers based in the USA and China. If customers fell victim to these phishing sites, phishers would have successfully stolen their information.

Figure 3. Customers were asked to accept a user agreement before entering their details


Figure 4. Customers asked for further details and the social security number they previously entered is pre-populated


Phishers often wander over international waters in pursuit of prey and continually search for more victims. The increase we are seeing in phishing sites in Korean is proof of their frame of mind.

Internet users are advised to follow best practices to avoid phishing attacks:

  • Do not click suspicious links in email messages.
  • Avoid providing any personal information when answering an email.
  • Never enter personal information in a pop-up dialog box or screen.
  • When entering personal or financial information, ensure the website is encrypted with an SSL certificate by looking for a padlock icon, ‘https’, or the green address bar.
  • Frequently update your security software, such as Norton Internet Security 2012, which protects you from online phishing.