Smishing

Smishing or SMishing (스미싱) means short message services (SMS) phishing victimizing careless smartphone users, who used to click links on suspicious messages that offer free coupons, adult viewing, low rate loans, etc.

Types
Typically smishing swindlers lure people to access bogus Websites with malignant codes and dupe them into revealing their bank or credit card information. Then the scammers buy on-line game items and sell them for profit in the cyberspace using the victims' personal credit information.

In other cases, the scammers snatch all the personal credit information including mobile banking security code and use them in the advanced form of fraudulent transactions.

Korean banks are stepping up efforts to caution customers about financial fraud via mobile text messages, a new type of scam that has recently become rampant in the country.

How to Get Help
The government is under pressure to provide institutional support and come up with measures to block scammers from faking the banks’ phone numbers when sending out fraudulent text messages. The government has begun legislative proceedings to revise a law so that callers may be banned from manipulating the phone number that shows up on the recipients’ phones.

In this regard, police is ready to help smishing victims retreive stolen money. Individuals who hold evidence of the fraudulent transaction before it is fully processed, can file a claim with local police to receive a return of funds within a week.

If money has already been withdrawn from a victim's account, recovering damages from the perpetrating company can take over two weeks or until a bill has posted to the victim's account.

The Consumer Dispute Mediation Committee under the Korea Consumer Agency ruled that the mobile carrier, payment gateway (PG) and game company are jointly responsible for the damages of the smishing victim. In December 2012, when Park received an instant message for free coupons via his smartphone, he visited the website as indicated. Thereafter he found his money had been withdrawn by someone for the purchase of game items up to 250 thousand won.

Statutory ground
In the above case, the Consumer Dispute Mediation Committee invoked the provision of the Act on Promotion of Information and Communications Network Utilization and Data Protection, etc.(정보통신망 이용촉진 및 정보보호 등에 관한 법률). Therefor, the billing service providers including mobile carriers are deemed responsible for the damages suffered by the service users.

결제대행업자는 인증정보의 보안 유지에 필요한 조치를 다하지 못한 점을 들어 손해배상책임이 있다고 인정했다. 또 게임회사인 콘텐츠 제공업자도 모바일 소액결제 거래에서 본인 확인 의무를 다하지 못한 책임이 있다고 보고 공동 불법행위자가 될 수 있다고 판단했다.

이번 결정은 소비자원이 스미싱 피해에 대한 업체들의 배상책임을 인정한 것으로 법적 구속력은 없다. 다만 업체들이 이를 따를 가능성이 높아 피해자들의 배상요구가 이어질 전망이다.

소비자원 관계자는 "이번 조정 결정은 모바일 소액 결제 시스템의 안전 미비를 지적하고 사업자들에게 개인정보 유출, 해킹에 대한 보안 강화 및 예방에 대한 경각심을 줬다는 데 의미가 있다"면서 "소비자들도 평소 모바일 소액 결제 한도를 설정하고 본인의 개인정보가 유출되지 않도록 각별한 주의가 필요하다"고 당부했다.