Text message phishing scams surge on Telegram in Korea

[Image source: Gettyimagesbank]

Telegram has been exploited by a growing number of cyber threats called smishing, according to multiple sources from the industry of information and technology on Tuesday.

Smishing, a coined term combining SMS messages with phishing, refers to a breach of private information. In most cases, smishing is done through an online chat.

The scammer sends a message containing a malicious link to the victims, claiming that their Telegram accounts have been locked, so they need to update the accounts. The links sent by the hacker lead the victims to well-fabricated websites, notably such as telegram.0rg.host/telegrim/telegramvip. After clicking on such links, the victims enter their information on the websites and give away their private data.

The Korea Internet & Security Agency (KISA) and the Ministry of Science and ICT said that a rise in smishing scams involving Telegram has been reported. The victims include even high-profile policymakers, such as Park Bum-gye, former minister of Justice.

According to the KISA, there are roughly two types of damage caused by a smishing scam. One occurs when a hacker gains access to the breached account and sends the same malicious link to the contacts on the account, and the other damage arises when the scammer exploits the private data they obtained to launch attacks on social media platforms where the user has used the same username and password.

Cyber attacks done via Telegram have soared since the end of 2021. Telegram has gained popularity thanks to its nature of secrecy, which also leave the platform vulnerable to cyberattacks.

According to the IGAWorks’ big data solution, Telegram users in Korea amounted to 2.57 million. More damage will likely occur as there are a lot of companies that tap the anonymity of the platform for their business.

The cyber security authorities have been taking action by blocking access to malicious websites. If users find themselves a victim of phishing mail, it is crucial to report the damage to the authorities by calling 118. If they are afraid of any malicious app or malware code that could be installed on their device, they can perform a checkup on the device via KISA’s ‘My PC-Mobile Caretaker’ site.

More importantly, they must take further steps toward complete cyber security. Using secondary authentication for messenger apps such as Telegram is recommended. Security software updates and regular checkups are also a recommendation.