Phishing

Phishing (보이스피싱, 전기통신금융사기/電氣通信金融詐欺) is a way of attempting to acquire information such as usernames, passwords, bank account number and security number, credit card details by masquerading as a bank, post office or even a prosecutor’s office in an electronic communication like telephone, mobile phone or e-mail.

Phishing using short message services (SMS) is called "Smishing" (스미싱). The term is a variant of fishing. The situation is like this: A fisherman throws "baits" in hopes that the potential victim will "bite" by clicking a malicious link or opening a malicious attachment, and takes away their financial information and passwords.

Phishing typically directs users to enter details at a fake Website, which looks like a legitimate one, or automatic teller machine (ATM). Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.

Key words
phishing, scam, data protection, instant message, Smishing

History
A phishing technique was first reported in the United States in 1987, and the term "phishing" was widely used since 1996 when the alt.online-service.america-online Usenet newsgroup described it. In the United States, a phisher posed as an AOL staff member and send an instant message to a potential victim, asking him to reveal his password like "verify your account" or "confirm billing information".

The capture of AOL account information led phishers to misuse credit card information, and to the realization that attacks against online payment systems were feasible. The first known direct attempt against a payment system affected E-gold in June 2001.

Phishing techniques
See detailed information posted on Wikipedia.

In Korea, phone phishing probably takes place if an unidentified caller:
 * - pretends to pay back considerable amount of money from e.g., the National Tax Service;
 * - informs of criminal investigation related with the receiver from e.g., the police station;
 * - demands a certain amount of ransom in exchange for children from a kidnapper;
 * - demands unpaid fees and charges from a telecommunication company;
 * - pretends to put some valuable packages under custody for the receiver from a post office;
 * - urges the receiver to update the Internet banking security measures; or
 * - asks for the receiver's digital certificate for authentication (공인인증서) indispensable for the Internet banking in exchange for an unsolicited loan.

The best way not to be entangled in the above scam is "NOT TO RESPOND" to the suspicious calling. One of my friends recommended me to order custom writingon EssaysProfessors.Com. To tell you the truth, I have never regretted my decision. The writers are real professionals and know how to write impressive work full of knowledgeable information. It's because Korean authorities concerned in no way use telephone. When the phone call is doubtful, it is wise for the receiver to report to the police of such attempted scam. In any case, the personal information including one's resident registration number, mobile phone number, bank account numbers, etc. should be kept with confindentiality.

Latest Developments
In October 2011, when the new Personal Information Act came into force and massive data leak was reported, citizens were increasingly concerned about data protection.

The Financial Supervisory Service (FSS) warned a new scam phishing. “Be aware of scam messages via mobile phone (SMS) or e-mail that demands to upgrade user’s security level.” According to FSS, the scam message is like “This is Kookmin Bank (KB). Massive scale data leak happened at a big portal site. You’re requested to upgrade your security level.”

Once the user accesses ‘card-kb.net’ as directed, he/she must fall prey to swindlers. In any case, KB has never demanded to change password or security number on-line. KB clients are required to appear at the nearest KB branch in person.

Also it should be noted the voice phishing techniques are so sophisticated that even a doubtful person often falls prey to such attackers. Recently, based on the stolen personal information, they are targeting the rich people in Seoul.

Anti-Phishing Legislation
It should be noted that a special act to facilitate the recovery of damages incurred by the victim came into force as from September 30, 2011. The Special Act on the Recovery of Financial Scam Damages via Electric Communications (Act No.10477: 전기통신금융사기 피해금 환급에 관한 특별법) was promulgated on March 29, 2011 to provide for manadatory extinction of scam-related deposit claims and accelerated recovery of damages, thereby protecting such scam victims. Prior to the enforcement of this act, the victims had much trouble in recovering their damages because of time-consuming complex legal proceedings.

At present, they have only to report to the competent police station of such phone phishing to stop the payment of scam-related bank deposits.

Phishing prevention services
As from September 2, 2013, Internet banking services including fund transfer of more than 3 million won, the renewal of digital certificate for authentication, etc. are available only if some requirements are met because most banks adopt Phishing prevention services as follows:
 * Qualifying PCs up to five for Internet banking;
 * Two-channel authentication by conventional security card numbers and wired/wireless phone-confirmed transactions; or
 * One-time secret number generator (OTP)