Smishing in South Korea: How Fake Delivery Texts Steal Your Money
Korean banks are deploying AI-powered smishing detection as fake CJ Logistics and Hanjin delivery texts surge. Learn how smishing works, how to spot fake SMS, and how to protect your phone.
Smishing in South Korea: That Delivery Text Could Cost You Everything
"[CJ Logistics] Delivery failed. Please verify your address: hxxp://..." — If you shop online regularly, you might tap this link without thinking. But the moment you do, malware silently installs on your phone, stealing banking credentials, contacts, and text messages.
Korean banks are rolling out AI-powered smishing detection systems in 2025-2026, but attackers are evolving just as fast. Here's what you need to know.
What Is Smishing?
Smishing = SMS + Phishing. It's a cyberattack that uses text messages containing malicious links to steal personal information or install malware on your device.
The Three Main Types
| Type | Impersonation | Example Message |
|---|---|---|
| Delivery Scam | CJ Logistics, Hanjin, Lotte Express | "Delivery failed", "Address confirmation needed", "Customs hold" |
| Government Scam | National Tax Service, Health Insurance, Courts | "Tax refund available", "Health checkup results", "Court summons" |
| Acquaintance Scam | Family, friends, coworkers | "My phone broke, text me at this number", "Check out this wedding invitation" |
North Korea's Kimsuky Group: QR Code Phishing
North Korea's Kimsuky hacking group has been embedding QR codes in fake delivery SMS messages. Scanning the QR leads to a malicious site that compromises your smartphone. Never scan QR codes from text messages.
What Happens When You Click a Smishing Link
- Malware Installation: APK sideloading on Android devices installs a malicious app
- Banking Theft: The malware captures banking app credentials
- Data Exfiltration: Contacts and SMS messages are sent to attackers
- Micropayment Fraud: Unauthorized small charges appear on your phone bill
- Secondary Attacks: Stolen contacts are used to send more smishing messages
Carrier-Based Spam Protection (Korea)
| Carrier | Service | Features |
|---|---|---|
| SKT | T Phone | AI spam detection, caller ID spoofing protection |
| KT | WhoWho (후후) | Spam number database, phishing alerts |
| LGU+ | U+Spam Block | Automatic spam text/call filtering |
All three carriers are enhancing AI-powered smishing detection in 2025-2026.
Prevention Checklist
1. Never Click Links in Text Messages
Check delivery status directly through official courier apps or websites — not through text message links.
2. Block Unknown App Installation
On Android: Settings > Security > Install unknown apps > Don't allow
This single setting blocks the primary smishing attack vector: APK sideloading.
3. Report Suspicious URLs
Report suspicious URLs to KISA's Boho.or.kr (Korea Internet & Security Agency) for analysis.
4. Limit Mobile Micropayments
Contact your carrier to set mobile micropayment limits to zero or block them entirely.
5. Keep Your Phone Updated
Always run the latest OS and app versions. Security patches fix known vulnerabilities.
If You've Already Clicked a Smishing Link
| Step | Action | Details |
|---|---|---|
| 1 | Enable airplane mode | Stops malware from transmitting data |
| 2 | Delete suspicious apps | Check recently installed apps |
| 3 | Block micropayments | Call your carrier (114) |
| 4 | Change banking passwords | Use a different device |
| 5 | Report to police | 112 |
| 6 | Report to KISA | 118 or boho.or.kr |
| 7 | Revoke digital certificates | Visit your bank in person |
Sharing Links Safely
One reason smishing works so well is that legitimate links shared via text look identical to malicious ones. When you need to share important URLs — work documents, financial information, personal data — consider using LOCK.PUB's password-protected links instead of plain SMS.
| Feature | Plain SMS Link | LOCK.PUB Secure Link |
|---|---|---|
| Sender verification | Impossible (spoofable) | lock.pub domain verified |
| Password protection | None | Yes |
| Expiration | None | Configurable |
| Access tracking | None | Access logs available |
Recipients can verify they're opening a legitimate LOCK.PUB link, not a phishing attempt — adding a layer of trust that plain text messages can't provide.
Key Takeaways
A single fake delivery text can drain your bank account. The rules are simple: never click links in SMS from unknown senders, block unknown app installation on Android, and use your carrier's spam protection. Share important links through LOCK.PUB instead of plain SMS to help recipients distinguish legitimate links from phishing attempts.
Stay skepthat, stay safe.
Keywords
You might also like
Android Malware Scam in Singapore: 128+ Cases, S$2.4M Lost — How APK Files Drain Your Bank Account
Since February 2025, Android malware scams have cost Singaporeans S$2.4M. Learn how malicious APK files steal banking credentials and how to protect yourself.
Children's Online Safety in Singapore: A Parent's Complete Guide for 2026
Everything Singapore parents need to know about keeping children safe online — screen time guidelines, parental controls, new regulations, and practical tools.
CPF Scam Prevention in Singapore: How to Protect Your Retirement Savings
Learn how scammers target CPF savings in Singapore through phishing, fake investments, and SingPass exploitation. Discover how to use CPF Safety Switch and other tools.
Create your password-protected link now
Create password-protected links, secret memos, and encrypted chats for free.
Get Started Free