"Send us coins and we'll cut your debt"... Warning over 'coin phishing' exploiting loan company hacks

[The Financial News] The Financial Supervisory Service (FSS) has issued a Consumer Alert – Caution Level as a new type of fraud is spreading in which criminals demand virtual assets by exploiting customer data leaked in recent hacking incidents at several lending companies. The hackers pose as employees of these lenders and send emails saying, "If you send us coins, we will cancel your debt," luring financial consumers into the scam. The FSS repeatedly stressed that financial institutions do not request transfers of virtual assets for the purpose of debt adjustment.
According to the FSS on the 27th, some internal systems at several lending companies were recently hacked through PCs infected with malware. Using the personal (credit) information obtained in this way, the hackers are sending phishing emails that spoof the actual email addresses of employees at those firms.


The core pitch of the scam emails is a "debt waiver as compensation for the data leak." For example, they propose that if a borrower with more than 3 million won in debt sends 1,000 Tether (USDT), or 2,000 Tether for debts over 10 million won, to a specified wallet address, the remaining debt will be completely written off. The emails also instruct victims to visit the company after sending the coins to "revise the contract," a tactic used to put them at ease.
The Tether (USDT) demanded by the hackers is a Stablecoin pegged to the value of the U.S. dollar. Its price volatility is low, and it is easy to exchange and launder through overseas cryptocurrency exchanges. The FSS warned that once coins are sent to the wallet addresses listed in these emails, it is virtually impossible to recover the funds.
The FSS also cautioned that clicking on URLs or attachments included in the emails may install malicious apps on the user’s device that allow remote control. This creates a high risk of additional personal data leaks and other secondary damage.
The FSS is currently working with the Financial Security Institute to review the details of the data leaks and assess the adequacy of the security systems at the affected firms. Once the cause of the leaks is identified, it plans to draw up measures to prevent recurrence and guide major lending companies to carry out their own security inspections.
An FSS official stated, "If you suspect a phishing email impersonating a lending company, do not respond and report it immediately to the FSS or the police," and added, "If you believe a malicious app has already been installed, you should promptly run a scan with a security (antivirus) app or visit a service center to reset the device to factory settings."

elikim@fnnews.com Kim Mi-hee Reporter