Long wall of text coming. Sorry.

Anyhow, no, I’m not talking about the jam band. “Phish” as in trying to scam someone to get their personal information, like passwords or credit card details, usually so you can steal their money. Phishing is quite a problem in Korea, often turning up in news stories, but in the last week, two phishing incidents hit pretty close to home — some scammers tried to steal from a relative yesterday (let’s call her “F1”), and the friend of a friend actually lost 20 million won to another scammer earlier in the week (“F2”).

In each case, the method used was rather similar, so I wonder if this is a problem that’s getting worse, or if two incidents just happened to hit close to home. These phishing attacks are pretty devious. Like most grifts, they’re designed to take advantage of human nature and our personal blind spots.

The scam begins with a phone call. A guy claiming to be with the police says that you have been targeted in a bank fraud and identity theft. They’ve caught the guy, but there will be lawsuits and all sorts of legal hassles. They warn that not taking care of this right away could result in months of trouble and your bank accounts could be frozen for a time.

But then they offer a solution — if you go to the police’s website, you can register your information and protect yourself. Of course, the URL they mention is not “go.kr” and not the real Korean police website. It looks the same, but it is “.com”.

Throughout, they keep talking fast, trying to stop you from thinking, lulling you into a rhythm, taking advantage of most people’s tendency to want to please others and be respectful. They also know your name and same bits of personal information (easily bought on the black market), designed to make them sound official.

Luckily for F1, once they started saying they needed her to transfer them money, she got really suspicious. She said she needed to check their info and would call back, asking them for their names and departments so she could call them back. They said to use the number on her caller ID, but she said no, she’d call the main police switchboard and the operator could pass her along to them. They immediately hung up.

F2 was not so lucky, and sent a lot of money.

It’s easy to look down on people who get scammed, but grifters are smart at recognizing glitches in human nature, and “hacking” our behaviour, like how a computer hacker breaks into online networks. That said, there needs to be a lot more education in Korea about how to protect your personal information.

More annoying, though, was the response of the real police. F1 called the Mapo Cyber Police division, but their response was “If you didn’t lose any money, don’t worry about it.” They said they could do anything about it and weren’t interested in filing a report or gathering information. So lazy and amateurish (and, unfortunately, typical).

tl:dr — Don’t ever give away your personal information over the phone and be careful about online. Korea’s lack of information security is getting ever more dangerous.