Definition of smishing
Evolution of smishing method
- “Smishing” refers to a new form of financial fraud that first appeared domestically in 2012, as a compound word between text message (SMS) and phishing. It involves stealing information regarding mobile micropayment by using text messages and spreading a malignant app or code on the phone. And then it involves purchasing items on a game site, etc. to incur micropayment damages. Recently, the method is further evolving, such as a combination between pharming phishing site and smishing method.
Recent damage examples smishing damages
Caution of smishing frauds smishing regarding COVID-19 text messages
- Smishing frauds are being reported regarding COVID-19 vaccination and mask purchases, etc.
Proceeding with contactless loan under the name of the job seeker, saying that online training will be held at home due to COVID-19
- New smishing fraud utilizing contactless interview, working from home, YouTube training, etc. that are familiar to the 20's and 30’s is taking place
Online address
- Smishing, as a cyber fraud method using a smartphone infected with malignant code, includes an online address for installing a malignant app in the text message. Such online address (URL) uses a shortened service, it is difficult for the user to identify website information, and the user is connected to a phishing site that is a fake website that is created by imitating a normal website. Special attention is required, as recently a general online address that is similar to a normal website has been used.
Malignant app
- A malignant app imitates a normal app (example: Chrome, Play Store, Civil24 used in public institutions, renowned mobile vaccines, etc.) that is universally installed in mobile phones to induce users into downloading it. As it asks for access to an excessive list of functions, such as phone, text message management, personal information inquiry, storage inquiry, location information, authorization request of device manger, etc., much care is needed during its installation stage. Also, while the malignant app does perform malignant actions on its own, there are also cases in which it induces the installation of other malignant apps. When certain applications such as Chrome, banking, vaccine, etc. is activated, it notifies the users of an update with the message “this is an update file” to induce users to download other malignant apps.