What is Phishing?

Phishing is the compound word of "Private data" and "Fishing". An e-mail is sent to a user falsely claiming to be an established legitimate enterprise (especially bank) in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as account number, social security number, log-in password, certificate password that the legitimate organization already has.

How Phishing attacks can be recognized?

Type1

  • To send an e-mail falsely claiming to be an well-known bank or card company etc(Even though there’s trade mark or company’s logo is in the e-mail, it can be a bogus).
  • To induce customers to check, confirm or renew the personal or financial information such as account number, password.
  • To warn customers that internet banking service will be suspended if they don’t confirm or renew according to instruction in an e-mail (Fraudster often uses provocative statement such as “Urgent Security Notification” or “Please Verify Your Account Number”).

Type2

  • To send an e-mail falsely claiming to be established portal site or card company.
  • To induce customers to participate in the event by inputting personal or financial information such as social security number, mobile phone number etc.

How to prevent Phishing attack?

  • Don’t click the hyperlink in an e-mail or online board. It may lead to fake site.
  • If you are uncertain about the information, contact the company such as bank or card company through telephone number you know to be genuine. Don’t contact through the telephone number in the e-mail. It may connect to fraudster.
  • Be prudent to respond or follow the instruction in an e-mail which is sent from the unidentified person.
  • Check if the web site is legitimate or fake. (Be reminded that the legitimate domain name of HSBC is http://www.hsbc.co.kr).
  • Suspicious e-mail or website which asks to provide personal or financial information in the e-mail should be reported to the bank or Korea Information Security Agency (“KISA”), Cyber Terror Response Centre.
  • Use anti-virus software and a firewall, and keep them up to date.

Korea Information Security Agency (KISA) : (02)118 or (02)1336, E-Mail : phishing@certcc.or.kr
Cyber Terror Response Centre : (02)3939-112