How to avoid ‘voice phishing’
I experienced an attempted phone scam recently in Seoul, and I feel obliged to share my experience with the readers. It all began when I picked up the telephone on my desk that morning.
It was an automated message, saying, “This is an urgent notice from KT (Korea Telecom). Your phone service will be cut off this afternoon. If you want to know the details, press zero now.”
I pressed zero, and a woman said, “This is the KT accounting office. Our record shows that you have an accrued balance due of over 486,000 won. KT will have to suspend your telephone service, if you don’t pay it now.”
I protested, “This is preposterous. I have paid all the bills.”
“You opened another telephone account at Yeouido three months ago, and you have not paid the phone bills for that account,” she said confidently. I could hear background noise as if it was coming from a customer service center.
“Wait a minute, I don’t live in Yeouido or have an office there,” I said in shock.
She then said, “It looks like somebody stole your identity to open that account. We have received reports of similar cases. We will report your case to the police. You don’t have to do anything. We will take care of it.”
Then she asked what my name and my cell phone number were. She was speaking fast in Korean in a funny intonation, sounding like she was reading a script. I said, “Why do you talk like a machine?” She did not answer. Yet, after asking what her name was, I gave the information she wanted. She added, “You will be contacted by the police in about five minutes.”
I wanted to prepare myself before the police would contact me. I called the KT information center and confirmed that I did not have another telephone account or have unpaid bills. They informed me that it was a vishing scam, which refers to “voice phishing.”
Shortly afterwards, the phone rang again, and a man claimed in an authoritative voice, “I am a special agent with the Office of the Seoul Metropolitan Police Headquarters.”
I shot back at him loudly, “You are a crook!” Apparently, this guy was taken aback, “What, what … how dare you ...” I hung up while he was struggling to say something. Although I was not positive that the caller was impersonating a police officer, I wanted to report it to the police authority. So I called 112.
When I called 112, I was referred to the special investigation team on “social engineering,” a term that refers to “the art of manipulating people into performing actions or divulging confidential information.” From a real police officer, I learned:
These vishing scams are generated from China by way of the Internet phone system. The criminals are not traceable. They sometimes impersonate a prosecutor or a representative of the Financial Supervisory Service (FSS), and they ask the victims to provide bank account numbers and PIN numbers to steal money from them. Some schemers also send e-mails to the target victim with instructions to open the link to the police website ― a fake website which looks identical to the official website with the official logos.
They often ask the victim to update their personal confidential information such as bank account and credit card numbers and PIN numbers. The crooks would say they need the input to protect the victim’s interest. Some scammers use such information to take cash or credit cash advances from ATMs.
According to the police and the FSS, there were 8,244 victims of vishing, from whom a total of 101.9 billion won ($90 million) was stolen in 2011 alone.
Belatedly, the financial regulator announced that a 10-minute waiting requirement shall soon be applied to withdrawal of funds from an ATM. In 10 minutes, the banking system will be able to determine a suspicious transaction and stop it, while the culprit is waiting in front of the ATM to take money, using a victim’s information.
The authorities will also employ a stricter procedure for taking cash advances of more than 3 million won using credit cards: The credit card banks shall be required to send a message to the applicant’s cell phone to confirm the veracity of the application and pay the advance two hours after the application is returned.
Some advice against vishing includes:
■ Be suspicious of unsolicited calls even if the caller claims to represent a law enforcement agency or a respected company.
■ Never provide bank account numbers, any other banking information, or resident registration number (Social Security Number) over the phone or through e-mail to an unsolicited person.
■ Do not open a website at the direction of an unknown caller or an unsolicited e-mail, and never provide any personal information on such a website.
■ Report the suspicious event to the authorities.
The writer is a visiting research professor at Korea University and a visiting professor at the University of North Korean Studies. He is also an adjunct professor at Johns Hopkins University School of Advanced International Studies. His email address is email@example.com.