Countermeasures for phishing damages
What to do when you fall victim to voice phishing
- Immediately call the call center of the financial institution where money is transferred to or from to report the incident and request a suspension of account transactions (also accessible through the National Police Agency at 112 and the Financial Supervisory Service at 1332).
- If personal information such as ID or account number is leaked, or if there is suspicion of a malicious app installation due to accessing a suspicious URL, promptly take measures such as resetting the mobile phone or deleting the malicious app, registering the personal information exposure on the Financial Supervisory Service's personal information exposure prevention system (pd.fss.or.kr), requesting a suspension of transactions on the affected account, and checking for any unauthorized opening of a mobile phone account.
- Submit a written request for relief at the branch where the transaction suspension was applied, accompanied by supporting documents such as a certificate of incident from the police (cybercrime unit) (within 3 business days of the request, check with the financial institution or police station for required documents before paying the visit).
Reporting phishing site
- There are financial damages incurred due to phishing sites, smishing text messages that impersonate the Supreme Prosecutor’s Office, National Police Agency, Korea Internet & Security Agency, a financial institution, parcel delivery service, etc. Please check the website address when accessing it before entering personal information.
- If the site is confirmed to be a phishing site, a fake website created by imitating a website of a bank, etc. to extract financial transaction information, the relevant website should be reported to prevent additional damages.
Punishment for phishing
Punishment for fraud
- As electronic financial crime is a criminal act of obtaining pecuniary advantage using personal information or financial transaction information acquired by deceiving another person, it can be punished according to fraud in terms of the “Criminal Act.” Defrauding another person thereby taking property, obtaining pecuniary advantage from another, or allowing a third person to obtain such is prohibited (Article 347(1) and (2) of the “Criminal Act”).
- Violating such will be punished by imprisonment with labor for not more than ten (10) years or by a fine not exceeding KRW 20 million (Article 347(1) and (2) of the “Criminal Act”).
Punishment of fraud by use of computer, etc.
- Acquires any benefits to property or has a third person acquire them, by making any data processed after inputting a false information or improper order, or inputting or altering the data without any authority into the data processor, such as computer, etc.is prohibited (Article 347-2 of the “Criminal Act”).
- Violation of above legislationwill be punished by imprisonment with labor for not more than ten (10) years or by a fine not exceeding KRW 20 million (Article 347-2 of the “Criminal Act”).
Punishment for extortion
- Extorting another person thereby taking property, obtaining pecuniary advantage from another, or allowing a third person to obtain a surrender of such person's property is prohibited (Article 350(1) and (2) of the “Criminal Act”).
- Violating the above will be punished by imprisonment with labor for not more than ten (10) years or by a fine not exceeding KRW 20 million (Article 350(1) and (2) of the “Criminal Act”).
Organization of criminal groups
- Voice-phishing organizations fall into the category of criminal organizations in terms of the Criminal Act, and if the defendants that fulfilled the affairs of the organization are recognized to have intention in joining and the activities of the criminal organization and the acts of fraud are part of the activities of the criminal organization, they may be punished for group crime of criminal group, etc. in terms of the “Criminal Act” (Article 114 of the “Criminal Act”).