Police warn of phishing scams tied to Coupang breach

“Are you at home? I am visiting to deliver your new card.”

That was the phone call a resident recently received. When the individual responded that no credit card had been requested, the caller claimed the person’s information had likely been stolen in the Coupang data breach and used to issue a card without authorization, urging the recipient to contact a so-called customer service center. It later turned out the number was spoofed and the caller was impersonating a support representative, attempting to persuade the resident to install a “remote-control application” on the phone under the guise of a security inspection. The scheme was a textbook example of voice phishing.

According to the National Police Agency on Dec. 7, the Cyber Financial Crime Response Center has received a growing number of reports of phishing scams that weave the Coupang data leak into highly sophisticated crime scenarios. Beyond the credit card delivery ruse, police have also uncovered smishing attempts that prompt recipients to click links by warning that Coupang orders could be delayed or missing because of the leak. A police official said the tactic uses a genuine large-scale personal information breach to heighten anxiety and make victims more vulnerable to manipulation.

Authorities have concluded that the scheme constitutes a new variant of phishing aimed at exploiting the heightened public concern following the Coupang-related data breach. While there have been no confirmed monetary losses so far, police warn that victims could emerge at any time as the tactics grow more sophisticated. Police are reinforcing monitoring efforts and closely tracking any new variations.

Investigators outlined three key guidelines to prevent such scams. First, never click on links or access web addresses from unknown sources and delete suspicious messages immediately. Second, keep in mind that government agencies and financial institutions do not request app installations via phone calls or text messages. Third, if you suspect impersonation, hang up immediately and report the incident to 112. The agency warned that even a single click out of curiosity can infect a device with malware and urged the public to exercise extreme caution.

An official from the Cyber Financial Crime Response Center stressed that proactive reporting by citizens is crucial for detecting and blocking new crime tactics early. The official urged the public to report immediately if they receive calls or messages referencing the Coupang incident that request personal information or prompt suspicious links, in order to prevent further damage.

Meanwhile, an investigation by the National Office of Investigation found no unusual spike in smishing or voice phishing cases around June 24, when the Coupang data breach became public. Among the 116,000 general crimes reported since June, including home invasions, none were directly linked to the Coupang incident. Nevertheless, police said they will continue close monitoring to prevent potential secondary crimes if the stolen information is eventually exploited.


전남혁 기자 forward@donga.com