The article discusses the continuing evolution of ‘smishing attacks’, which use malicious SMS messages to try and steal personal information. In response, the Korea Internet & Security Agency (KISA) is introducing a new defense system called the “X-ray system.” This system is designed to prevent malicious messages by analyzing the sender’s number and URLs included in SMS at the sending attempt stage.
Last year, KISA detected 2,196,469 smishing cases in South Korea, a 336.4% increase from the previous year. Traditionally, smishing attackers targeted random individuals, but there is now a rising trend of exploiting contact information stored on users’ smartphones. For example, attackers send messages disguised as wedding invitations or funeral notices under the guise of a contact’s name, making recipients more likely to click on malicious links.
Kim Eun-sung, head of KISA’s Smishing Response Team, explained that attackers use malicious apps with SMS permissions to automatically send harmful messages to contacts saved on a victim’s phone. Seasonal events like weddings or funerals are often used as a cover for these attacks. He noted that while wedding invitations are typically confirmed through phone calls, funeral notices often avoid such confirmation, leading to greater damage.
There is also an increase in smishing targeting social media accounts like Telegram, with over half of detected attacks in the first two months of this year aimed at account hijacking. These attacks often convince users to enter credentials into fake phishing sites that mimic login pages.
To combat advanced smishing, KISA plans to implement the X-ray system in collaboration with over 1,160 corporate messaging companies, with full deployment expected by mid-year. This system will function like a firewall or intrusion prevention system but for SMS networks, and it will only apply to corporate messaging, not personal messages.
In addressing concerns about SMS monitoring, Kim clarified that KISA does not manually review SMS content. Instead, only suspicious patterns and traffic are analyzed, focusing on message structures rather than their substantive content.