Phishing is a type of social engineering attack in which an attacker, pretending to be a trusted entity, tricks a victim into opening a fraudulent email, SMS or website. The victim is then lured into clicking a malicious link or opening an attachment, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack or the revealing of sensitive information.

Victims may suffer the following losses if they inadvertently provide sensitive information or open a malicious file attached to a phishing email:

  • Victims’ user ID and passwords will be used to gain unauthorized access to their internet banking and steal money from their accounts.
  • Victims’ credit card information will be used for making fraudulent transactions, causing debts for the unwitting victims
  • Attackers can impersonate victims who are trusted company figures, such as owners, and send an email with instructions to issue a funds transfer to their own account.
  • Leak of victims’ personal data such as salary and financial status.
  • Attackers may encrypt victims’ files and demand ransom for victims to be able to access their files. (Ransomware).

How do scams work?

Theft of internet banking information
Victims receive a phishing email that pretends to act as their bank’s security division, requesting personal information and asking victims to enter an OTP (one-time password) obtained from their mobile phone. Then, attackers use that information to access the internet banking services and transfer victims’ funds to their own accounts.

Theft of credit card information
Customers of an online movie service receive a phishing message informing them that the service has been temporarily suspended. The victim is then asked to click on a link, which belongs to the attackers to update their personal information. Then, the attackers use that information to impersonate the victim online to perform fraudulent transactions.

Ransomware that hijacks computers
Attackers send an email to a victim telling them to install a program attached to the email, for security reasons. Once the ransomware has taken over the victim’s computer, it runs a code that encrypts the victim’s data, and the attackers then demand a ransom from the victim, promising - not always truthfully - to restore access to the data upon payment.

How to identify scams

How to protect yourself from scams

What to do when falling victim to scams

KBank has no policy to send customers a link
or attachment file for filling in personal or account information.