Smishing in South Korea: How Fake Delivery Texts Steal Your Money
Korean banks are deploying AI-powered smishing detection as fake CJ Logistics and Hanjin delivery texts surge. Learn how smishing works, how to spot fake SMS, and how to protect your phone.

Smishing in South Korea: That Delivery Text Could Cost You Everything
"[CJ Logistics] Delivery failed. Please verify your address: hxxp://..." — If you shop online regularly, you might tap this link without thinking. But the moment you do, malware silently installs on your phone, stealing banking credentials, contacts, and text messages.
Korean banks are rolling out AI-powered smishing detection systems in 2025-2026, but attackers are evolving just as fast. Here's what you need to know.
What Is Smishing?
Smishing = SMS + Phishing. It's a cyberattack that uses text messages containing malicious links to steal personal information or install malware on your device.
The Three Main Types
| Type | Impersonation | Example Message |
|---|---|---|
| Delivery Scam | CJ Logistics, Hanjin, Lotte Express | "Delivery failed", "Address confirmation needed", "Customs hold" |
| Government Scam | National Tax Service, Health Insurance, Courts | "Tax refund available", "Health checkup results", "Court summons" |
| Acquaintance Scam | Family, friends, coworkers | "My phone broke, text me at this number", "Check out this wedding invitation" |
North Korea's Kimsuky Group: QR Code Phishing
North Korea's Kimsuky hacking group has been embedding QR codes in fake delivery SMS messages. Scanning the QR leads to a malicious site that compromises your smartphone. Never scan QR codes from text messages.
What Happens When You Click a Smishing Link
- Malware Installation: APK sideloading on Android devices installs a malicious app
- Banking Theft: The malware captures banking app credentials
- Data Exfiltration: Contacts and SMS messages are sent to attackers
- Micropayment Fraud: Unauthorized small charges appear on your phone bill
- Secondary Attacks: Stolen contacts are used to send more smishing messages
Carrier-Based Spam Protection (Korea)
| Carrier | Service | Features |
|---|---|---|
| SKT | T Phone | AI spam detection, caller ID spoofing protection |
| KT | WhoWho (후후) | Spam number database, phishing alerts |
| LGU+ | U+Spam Block | Automatic spam text/call filtering |
All three carriers are enhancing AI-powered smishing detection in 2025-2026.
Prevention Checklist
1. Never Click Links in Text Messages
Check delivery status directly through official courier apps or websites — not through text message links.
2. Block Unknown App Installation
On Android: Settings > Security > Install unknown apps > Don't allow
This single setting blocks the primary smishing attack vector: APK sideloading.
3. Report Suspicious URLs
Report suspicious URLs to KISA's Boho.or.kr (Korea Internet & Security Agency) for analysis.
4. Limit Mobile Micropayments
Contact your carrier to set mobile micropayment limits to zero or block them entirely.
5. Keep Your Phone Updated
Always run the latest OS and app versions. Security patches fix known vulnerabilities.
If You've Already Clicked a Smishing Link
| Step | Action | Details |
|---|---|---|
| 1 | Enable airplane mode | Stops malware from transmitting data |
| 2 | Delete suspicious apps | Check recently installed apps |
| 3 | Block micropayments | Call your carrier (114) |
| 4 | Change banking passwords | Use a different device |
| 5 | Report to police | 112 |
| 6 | Report to KISA | 118 or boho.or.kr |
| 7 | Revoke digital certificates | Visit your bank in person |
Sharing Links Safely
One reason smishing works so well is that legitimate links shared via text look identical to malicious ones. When you need to share important URLs — work documents, financial information, personal data — consider using LOCK.PUB's password-protected links instead of plain SMS.
| Feature | Plain SMS Link | LOCK.PUB Secure Link |
|---|---|---|
| Sender verification | Impossible (spoofable) | lock.pub domain verified |
| Password protection | None | Yes |
| Expiration | None | Configurable |
| Access tracking | None | Access logs available |
Recipients can verify they're opening a legitimate LOCK.PUB link, not a phishing attempt — adding a layer of trust that plain text messages can't provide.
Key Takeaways
A single fake delivery text can drain your bank account. The rules are simple: never click links in SMS from unknown senders, block unknown app installation on Android, and use your carrier's spam protection. Share important links through LOCK.PUB instead of plain SMS to help recipients distinguish legitimate links from phishing attempts.
Stay skepthat, stay safe.
Keywords
You might also like
16 Billion Passwords Leaked: How to Check If You're Affected
The largest password leak in history exposed 16 billion credentials. Learn how to check if your accounts are compromised and what to do next.
AI Agent Security Risks: Why Giving AI Too Many Permissions Is Dangerous
AI agents like Claude Code and Devin can execute code, access files, and browse the web autonomously. Learn the security risks and how to protect your data.
AI Chatbot Data Leaks: What Happens When You Paste Sensitive Info Into ChatGPT
Is ChatGPT safe for sensitive data? Learn the real privacy risks of AI chatbots, recent data breaches, and how to protect your confidential information.
Create your password-protected link now
Create password-protected links, secret memos, and encrypted chats for free.
Get Started Free