🎙️ Related Podcast: The 90% Attack: Inside the First AI-Orchestrated Cyber Espionage Campaign

Executive Summary

South Korea is experiencing what experts are calling a “scam pandemic”—an explosive surge in voice phishing (voice fraud) and cryptocurrency scams that has left 26% of adults victimized in just the past year, with losses totaling $1.4 billion USD. In the first quarter of 2025 alone, voice phishing cases jumped 17% with damages more than doubling to reach ₩311.6 billion ($216.5 million). The average scam victim now faces 55 scam attempts per year, and in a disturbing evolution, cryptocurrency voice phishing cases skyrocketed by 660% in the first seven months of 2025. This crisis is fueled by AI technology, North Korean state-sponsored hackers, and organized crime networks that have turned fraud into an industrial-scale operation, prompting urgent calls for centralized governance and international cooperation.

The Crisis by the Numbers

2025: A Year of Unprecedented Fraud

Q1 2025 Voice Phishing Explosion:

  • Total Cases: 5,878 (up 17% from Q1 2024)- Total Losses: ₩311.6 billion ($216.5 million)- Increase in Losses: 220% compared to previous year- Average Loss Per Case: ₩53 million ($37,000) – a sharp increase

Annual Scam Landscape (12-month period ending 2025):

  • Total Scam Losses: $1.4 billion USD- Adult Victims: 26% of population- Average Scam Attempts Per Person: 55 annually- Shopping Scams: 55% of victims lost money to this type

The Crypto Phishing Tsunami:

  • First 7 Months of 2025: 420 crypto voice phishing cases- Same Period 2024: 64 cases- Increase: 6.6-fold surge (560% increase)- Major Case: One fugitive defrauded 1,300 people of ₩17.7 billion ($13.2 million) between 2018-2019

Historical Context (2018-2022):

  • Total Cases: 227,126 scams reported- Total Losses: ₩1.66 trillion ($1.3 billion) over 5 years- Loan-Related Scams: Over 60% of cases, accounting for nearly ₩1 trillion in damages

Voice Phishing: The National Threat

What is Voice Phishing?

In South Korea, “voice phishing” (보이스피싱) refers to fraud schemes where criminals use phone calls to deceive victims into transferring money or revealing sensitive information. Unlike Western “phishing” (which is primarily email-based), Korean voice phishing is conducted primarily through telephone calls and text messages.

The Evolution of Tactics

2025: The AI-Enhanced Era

Voice phishing has undergone a dramatic technological transformation:

AI Voice Cloning:

  • Scammers use artificial intelligence to replicate voices of family members, police officers, or bank officials- Just a few seconds of audio (from social media videos, voicemails) enables realistic voice synthesis- Victims can’t distinguish cloned voices from real people- Creates highly convincing family emergency scenarios

Deepfake Video Integration:

  • Video calls featuring AI-generated faces of authorities- Fake police stations and government offices as backgrounds- Real-time deepfake technology making impersonation seamless- Victims shown fabricated “official documents” on screen

Social Engineering at Scale:

  • Automated calling systems dial thousands daily- AI analyzes victim responses to optimize manipulation tactics- Psychological profiling determines which scam type to deploy- Machine learning improves success rates over time

The Major Scam Types

1. Government Impersonation – 51% of All Cases

The “You’re Under Investigation” Scam:

This is the dominant fraud type in 2025, accounting for more than half of all voice phishing cases.

How It Works:

Phase 1 - The Call:

  • Caller claims to be from prosecutor’s office, police, or Financial Supervisory Service- States victim is “under investigation” for financial crimes- Claims victim’s identity was stolen and used for illegal transactions- Induces panic and fear of arrest

Phase 2 - The “Solution”:

  • Offers to “protect” victim’s assets during investigation- Demands transfer of funds to “safe government account”- Requires victim to purchase cryptocurrency for “secure tracking”- Claims only way to avoid arrest is immediate compliance

Phase 3 - The Extraction:

  • Victim transfers money or cryptocurrency- Scammer may request remote access to victim’s devices- Additional calls demanding more funds to “complete verification”- Threats escalate if victim hesitates

Real Example: A victim lost $91 million in a social engineering scam involving impersonation of a crypto exchange and wallet support firm, showcasing the scale of damage possible.

2. Cryptocurrency Voice Phishing – The Fastest Growing Threat

The 660% Surge:

Crypto voice phishing has exploded in 2025, with 420 cases in the first seven months—compared to just 64 in the same period of 2024.

Common Crypto Scam Tactics:

Fake Account Warnings:

  • Call claiming victim’s crypto exchange account has been compromised- Demand immediate transfer to “secure wallet”- Provide QR codes or wallet addresses controlled by scammers- Urgency: “Transfer now or lose everything”

Fraudulent Investment Schemes:

  • Promises of high returns through “exclusive” crypto opportunities- Fake mining operations or ICO participation- Celebrity endorsements (often AI-generated)- Social media promotion with fabricated success stories

Platform Impersonation:

  • Scammers pose as customer support from major exchanges (Upbit, Bithumb, Coinone)- Request private keys or seed phrases for “verification”- Fake security updates requiring credential entry- Account “maintenance” requiring fund transfers

Government Warning Integration:

  • Claims of regulatory compliance checks- Threats of account freezes for “suspicious activity”- Demands for immediate KYC verification with fund transfers- Fake tax or licensing fees in cryptocurrency

3. Loan Availment Scams – The Long-Standing Threat

Despite the crypto surge, traditional loan scams remain devastatingly effective:

The Setup:

  • Victim targeted through SMS, messaging apps, or calls- Offers of low-interest loans or guaranteed approval- Especially targets those with poor credit or urgent needs

The Trap:

  • Requires “processing fees” or “insurance deposits” upfront- Demands personal information and bank account access- Continues extracting payments with various excuses- No loan ever materializes

The Scale:

  • Over 60% of all phishing damage (2018-2022) related to loan scams- Nearly ₩1 trillion ($770 million) lost to this type alone- Preys on economically vulnerable populations

4. Romance and Shopping Scams

Romance Scams:

  • Build relationships on dating apps or social media- Eventually request money for “emergencies”- May involve crypto investment opportunities “together”- Long-term psychological manipulation

Shopping Scams (55% of Victims):

  • The most common scam by victim count- Fake e-commerce sites offering luxury goods at steep discounts- Payment made but products never arrive- Counterfeit goods or lower quality than advertised

Who’s Behind the Scams?

The North Korean Connection

State-Sponsored Cybercrime:

South Korea’s National Intelligence Service (NIS) has identified North Korean hacking groups as major culprits:

Lazarus Group:

  • Elite North Korean hacking collective- Responsible for over 50% of digital currency thefts in South Korea- Stolen over $600 million from the country- Operates with state backing as revenue source for regime

Why North Korea?

  • Nuclear and missile development funding- Evade international sanctions- Highly skilled hackers trained from young age- Cryptocurrency provides anonymous revenue channel

Government Response:

  • Ministry of Foreign Affairs issued new sanctions against hacking gangs- Coordination with U.S. security agencies- Quote: “The South Korean government has decided to take specific measures to counter illegal cyber activities, which are one of North Korea’s main sources of funding for nuclear and missile development.”

Organized Crime Networks

Domestic and International Syndicates:

Beyond state actors, organized criminal networks operate the voice phishing infrastructure:

Eastern European Connections:

  • Call centers operating from outside South Korea- Native Korean speakers recruited abroad- Money laundering networks span multiple countries

Chinese Criminal Groups:

  • Contribute 4.7% of digital currency thefts (per NIS)- Smaller but still significant threat- Often work with Korean-speaking accomplices

Southeast Asian Operations:

  • Call centers in Cambodia, Myanmar, Philippines- Human trafficking victims forced to run scams- Targets Korean-speaking diaspora and South Korean nationals

The Victim Profile: Changing Demographics

The 50+ Generation Remains Primary Target

Age Demographics:

  • Victims 50+ years: 53% of total- Rational: Less tech-savvy, more trusting of authority- Higher average losses: Lifetime savings at risk

But Younger Generations Aren’t Safe

The Gen Z and Millennial Vulnerability:

A surprising trend: younger South Koreans are increasingly victimized:

Crypto-Targeted Youth:

  • 43% of social media users in South Korea have invested in crypto- 60% of Gen Z and Millennials consider social media reliable financial advice source- High crypto adoption rate creates large target pool- Lack of experience makes them susceptible to “too good to be true” offers

Average Losses by Generation:

  • Baby Boomers: €18,000 ($19,600) per scam- Gen Z: €400 ($435) per scam- Key Insight: While younger victims lose less per incident, their victimization rate is rising rapidly

The Confidence Trap:

  • 55% of Gen Z and Millennials believe they won’t be scammed- Reality: They now account for 72% of all scam victims in some studies- Overconfidence creates vulnerability

The Platform Problem: Where Scams Breed

Social Media and Messaging Apps

Primary Attack Vectors:

According to research, 84% of scam attempts in South Korea occur on platforms with direct messaging:

Top Platforms for Scam Encounters:

  1. WhatsApp: 59% (highest incidence)2. Gmail: 33%3. Instagram: 27%4. Facebook: 27%5. TikTok: 21%

Why These Platforms?

  • Direct messaging enables personal contact- Difficult to monitor all communications- Scammers create fake profiles easily- Platform hopping when accounts are banned- International reach beyond Korean jurisdiction

The Crypto Ecosystem Vulnerability

Exchanges and Wallets:

  • Impersonation of major platforms (Upbit, Bithumb)- Fake customer support accounts- Phishing websites mimicking real exchanges- Malware disguised as legitimate apps

Social Media Investment Communities:

  • Telegram groups promising “insider tips”- YouTube channels with fake trading strategies- Twitter/X accounts impersonating crypto experts- Discord servers running pump-and-dump schemes

Government and Industry Response

Legislative Action: The Telecom Fraud Damage Refund Act

Proposed Amendments (2025):

The Financial Services Commission (FSC) is pushing major changes:

Key Provisions:

  1. Extended Coverage:
  • Apply existing voice phishing law to cryptocurrency industry- All Virtual Asset Service Providers (VASPs) must comply2. Authority Powers:
  • Law enforcement can freeze and seize funds linked to fraudsters on crypto exchanges- 24-hour response system for monitoring phishing activity- Quick relief through simple remittance processes3. Bank Compensation Requirements:
  • Banks and financial institutions must compensate victims in part or full- Compensation regardless of institutions’ actual negligence- Shifts burden of proof away from victims- Government and ruling party aim to draft amendment within 2025

Current Gap:

  • As of October 2025, banks compensate only 10% of reported cases- Of 173 cases reported to major banks (Jan-Aug), only 18 received compensation- When including consultation cases, payout rate drops to 0.8%- Victims currently must prove bank negligence—almost impossible

Technology Solutions

AI-Powered Platform (October 2025 Launch):

  • Collects voice phishing data from:Financial firms- Telecom carriers- Law enforcement agencies Reinforces preventive systems through data sharingReal-time threat intelligence distribution Stricter Regulations on VASPs:

  • Heightened monitoring of cryptocurrency transactions- Improved KYC (Know Your Customer) requirements- Enhanced security protocols for customer support- Regular audits and compliance checks

Number Spoofing Prevention:

  • Telecom companies blocking number spoofing attempts- Caller ID authentication systems- Database of known fraud numbers

Law Enforcement Operations

Recent Major Cases:

The ₩17.7 Billion Fugitive:

  • Defrauded 1,300 people between 2018-2019- Evaded capture for years- Finally arrested in Seoul in 2025- Demonstrates long-term nature of investigations

International Cooperation:

  • Working with U.S., Japan, China authorities- Tracking cross-border money flows- Extradition agreements for overseas scam operators- Joint task forces targeting organized networks

Protection Strategies: How to Defend Yourself

Universal Red Flags

🚨 Immediate Warning Signs:

  1. Unsolicited calls about legal problems/investigations: Real prosecutors and police don’t call citizens this way2. Urgency and threats: “Transfer now or be arrested” is always a scam3. Requests for fund transfers: No legitimate authority asks you to move money to “safe accounts”4. Cryptocurrency involvement: Government agencies don’t conduct business in crypto5. Remote access requests: Never let callers access your computer or phone6. Secrecy demands: Being told not to tell anyone is a major red flag

Specific Protection by Scam Type

For Government Impersonation Scams:

DO:

  • Hang up immediately if someone claims you’re under investigation- Call the actual agency using official numbers (look them up yourself)- Visit government offices in person to verify any claims- Consult a lawyer if genuinely concerned about legal issues- Report the call to police at 112 or 182 (anti-voice phishing hotline)

DON’T:

  • Never transfer money to “safe accounts”- Never provide personal information over phone- Never install software or allow remote access- Never purchase cryptocurrency at caller’s direction- Never assume caller ID is accurate (can be spoofed)

For Crypto Voice Phishing:

DO:

  • Use official exchange apps only (download from verified sources)- Enable two-factor authentication (2FA) on all accounts- Use hardware wallets for significant holdings- Verify support contacts through official exchange websites- Be skeptical of high-return promises (if it sounds too good to be true, it is)

DON’T:

  • Never share private keys or seed phrases with anyone- Never click links in unsolicited messages- Never scan QR codes from unknown sources- Never invest based solely on social media advice- Never trust celebrity endorsements without verification

For Loan Scams:

DO:

  • Use legitimate financial institutions only- Research lenders thoroughly (check FSC registration)- Read all terms and conditions before agreeing- Understand typical interest rates for your credit level- Get everything in writing before making payments

DON’T:

  • Never pay upfront fees for loan approval- Never provide bank account access before loan approval- Never accept loans that seem “too easy”- Never trust lenders who don’t verify income/credit- Never agree to “insurance deposits” before receiving funds

Technology Defense Tools

1. Call Screening and Blocking:

  • Install voice phishing detection apps (Whoscall, T안심번호)- Enable spam call blocking on phone- Never answer calls from unknown international numbers- Use voicemail to screen suspicious calls

2. Device Security:

  • Keep phone OS and apps updated- Install reputable antivirus software- Don’t jailbreak/root devices (reduces security)- Review app permissions regularly- Enable remote wipe capabilities

3. Financial Security:

  • Set up transaction alerts for all accounts- Use separate accounts/cards for online shopping- Regularly monitor bank and crypto statements- Enable withdrawal limits and notifications- Consider using virtual card numbers for online purchases

4. Crypto-Specific Security:

  • Hardware wallets (Ledger, Trezor) for cold storage- Multi-signature accounts requiring multiple approvals- Whitelist addresses for withdrawals- Regular security audits of your holdings- Separate hot and cold wallets (keep majority offline)

If You’re Targeted or Victimized

Immediate Action Steps

If You Receive a Suspicious Call:

  1. Hang up immediately – Don’t engage or argue2. Do not call back the number that called you3. Look up official numbers and call agencies directly4. Report to police: 112 (emergency) or 182 (anti-voice phishing)5. Alert your bank if you shared any information6. Warn friends and family about the attempt

If You’ve Already Sent Money:

Time is Critical – Act Immediately:

  1. Contact your bank/exchange within 30 minutes if possible:
  • Many fraudulent transfers can be blocked if caught early- Banks have emergency stop payment procedures- Crypto exchanges can sometimes freeze suspicious accounts2. Report to police immediately:
  • Emergency: 112- Anti-Voice Phishing Hotline: 182 (국번없이 182)- Financial Supervisory Service: 13323. File official report:
  • Go to nearest police station- Bring all evidence: phone records, messages, transaction details- Get case number for follow-up4. Contact Financial Services Commission:
  • Report for potential recovery assistance- May qualify for victim compensation under new regulations5. Secure all accounts:
  • Change passwords on all financial accounts- Enable 2FA if not already active- Monitor accounts closely for additional fraud- Consider freezing credit6. Seek support:
  • Scam victims often experience psychological trauma- Contact victim support services- Don’t blame yourself – these are sophisticated operations

Reporting Channels

Emergency Services:

  • Police Emergency: 112- Anti-Voice Phishing Hotline: 182- Financial Supervisory Service: 1332

Online Reporting:

Victim Support:

  • Korea Consumer Agency: 1372- Financial Consumer Protection: 1332- Cybercrime Report: ecrm.police.go.kr

The Bigger Picture: Societal Impact

Economic Consequences

Individual Level:

  • Average loss of ₩53 million ($37,000) per voice phishing victim- Many victims lose life savings- Psychological trauma and depression common- Financial recovery can take years or may never happen

National Level:

  • ₩311.6 billion ($216.5 million) lost in Q1 2025 alone- Projected annual losses exceed $1 billion- Banking system costs for fraud prevention and compensation- Reduced trust in digital financial systems- Economic drag on productivity and innovation

Social Trust Erosion

Breakdown of Communication:

  • People afraid to answer phones from unknown numbers- Legitimate businesses face higher barriers to customer contact- Elderly become isolated, fearing any phone interaction- Family members suspicious of emergency calls even from real relatives

Digital Divide Widening:

  • Older generations avoid digital banking due to fear- Tech-savvy youth still fall victim despite knowledge- Vulnerable populations (elderly, low-income) hit hardest- Financial exclusion for those who opt out of digital systems

The North Korean Factor

Geopolitical Implications:

  • Fraud funding enemy regime’s weapons programs- Creates diplomatic tensions- Requires international cooperation on cybersecurity- Sanctions evasion through cryptocurrency

Security Concerns:

  • Same hacking infrastructure used for espionage- Dual-use technology for fraud and intelligence gathering- Military-civilian boundary blurred in cyber operations

Global Context: South Korea in the Worldwide Scam Epidemic

Comparison with Other Nations

Similar Challenges:

  • Japan: Tokushu sagi (special fraud) targeting elderly- China: Massive telecom fraud networks- Philippines: 74% scam encounter rate- India: Digital arrest nightmare epidemic

Unique Aspects of South Korean Crisis:

  • Extremely high crypto adoption rate- Advanced tech infrastructure enables sophisticated scams- North Korean state actor element- Rapid AI adoption by both defenders and attackers

Lessons from Other Countries

UK’s APP Fraud Reimbursement:

  • Mandatory compensation for Authorized Push Payment fraud- Banks required to cover losses up to certain limits- South Korea considering similar model

Singapore’s Protection from Scams Act:

  • Comprehensive legislation with severe penalties- Real-time transaction monitoring- Cooling-off periods for large transfers

Australia’s Project A.S.T.R.O:

  • National anti-scam center coordinating response- Data sharing between banks, telecom, law enforcement- Public education campaigns

Expert Perspectives

Industry Leaders Speak Out

Manwoo Joo, COO of Gogolook (developer of Whoscall): “South Korea is facing a scam pandemic fueled by AI and cross-border networks, and no single institution can fight this alone. The findings of this report show the urgent need for stronger data-sharing between industries, and centralized governance to protect citizens.”

BioCatch Director of Global Fraud Intelligence Tom Peacock: “While young people now represent nearly three-fourths of all scam victims, it is still older generations that account for the majority of losses. Reports show Baby Boomers lose an average of €18,000 per scam, while Gen Z loses only €400. While a €400 loss may not seem significant, the longer-term impact of not spending the time and resources to investigate these cases could end up being far more costly, as victims lose trust in the greater financial system, the internet, and society.”

Call for Centralized Governance

Key Recommendations from Global Anti-Scam Alliance (GASA):

  1. International Network of Anti-Scam Centers: Coordinate response across borders2. Global Scam Data-Sharing Hub: Real-time intelligence sharing3. Stronger Platform Accountability: Social media and messaging apps must do more4. AI-Based Countermeasures: Fight AI fraud with AI defense5. Victim Compensation Framework: Mandatory reimbursement systems6. Public Education at Scale: Ongoing awareness campaigns

Looking Forward: Can South Korea Win This War?

What’s Working

Technology Innovation:

  • AI-powered detection systems rolling out October 2025- Improved data sharing between sectors- Advanced fraud analytics and pattern recognition

Legislative Progress:

  • Telecom Fraud Damage Refund Act amendments moving forward- Compensation framework addressing victim protection gaps- Crypto regulations extending to VASPs

International Cooperation:

  • Sanctions and joint operations against North Korean hackers- Cross-border investigations with multiple nations- Extradition agreements for scam operators

Challenges Ahead

The AI Arms Race:

  • Scammers adopt AI faster than defenders can counter- Deepfakes becoming indistinguishable from reality- Voice cloning requires only seconds of audio- Technology accessible and affordable for criminals

Cross-Border Complexity:

  • Scam operations span multiple jurisdictions- Cryptocurrency enables anonymous international transfers- Legal frameworks vary by country- Extradition and prosecution difficult

Victim Compensation Gap:

  • Current 10% bank reimbursement rate unacceptable- New legislation pending but not yet implemented- Victims bear most financial burden- Low recovery rate discourages reporting

Platform Responsibility:

  • WhatsApp, Instagram, Facebook lack adequate fraud prevention- Direct messaging difficult to monitor without privacy concerns- Scammers quickly move to new platforms- International platforms resist local regulation

The Path Forward

Comprehensive Strategy Required:

  1. Immediate Actions (2025-2026):
  • Pass Telecom Fraud Damage Refund Act amendments- Launch AI-powered detection platform nationwide- Increase bank reimbursement rates to 50%+- Expand anti-voice phishing hotline capacity2. Medium-Term Goals (2-3 years):
  • Achieve 75%+ victim compensation rate- Reduce voice phishing cases by 30%- Establish regional anti-scam cooperation center- Implement mandatory cooling-off periods for large transfers3. Long-Term Vision (5+ years):
  • Create unhackable national digital ID system- Develop AI that can detect 95%+ of scam calls- International treaty on cyber fraud prosecution- Zero-tolerance policy with severe penalties deterring criminals

Conclusion: The Phone Has Become a Weapon

South Korea’s voice phishing pandemic represents one of the most severe fraud crises facing any advanced economy in 2025. With losses exceeding $1.4 billion, a 660% surge in crypto scams, and sophisticated AI-powered attacks, the nation faces an existential challenge to its digital economy and social trust.

The enemy is not just faceless criminals—it’s North Korean state actors funding weapons programs, organized syndicates operating across borders, and AI technology that can clone your mother’s voice or create a fake video of a police officer.

But there is hope. Legislative action is advancing, technology defenses are improving, and international cooperation is strengthening. The upcoming Telecom Fraud Damage Refund Act could shift the burden from victims to institutions. The October 2025 launch of the AI-powered detection platform may level the playing field. And increased awareness means more people recognize the signs before it’s too late.

The key to victory is simple but difficult: Never trust a phone call when money is involved. Hang up. Verify independently. Take your time. Real authorities will wait. Scammers won’t.

Because in South Korea in 2025, your phone isn’t just a communication device—it’s a potential gateway for criminals to steal everything you own. The only question is whether you’ll answer when they call.

Quick Reference Guide

Is It a Scam? Check These Signs

SCAM If:

  • Caller claims you’re under investigation- Demands immediate fund transfers- Threatens arrest without verification- Asks for cryptocurrency purchases- Requests remote device access- Prohibits you from contacting others- Spoofed number appears legitimate- Urgency and fear tactics used

LEGITIMATE If:

  • You initiated the contact- No money requested immediately- Information can be verified independently- Organization has physical presence- No threats or pressure tactics- You have time to research and decide

Emergency Contact Numbers

Report Fraud:

  • Police Emergency: 112- Anti-Voice Phishing: 182- FSC: 1332

Get Help:

  • Consumer Protection: 1372- Cybercrime Report: ecrm.police.go.kr

For updates on South Korean fraud trends and scam alerts, visit www.scamwatchhq.com

Remember: The most expensive phone call you ever answer is the one where you trust a scammer. Hang up, verify, protect. Your financial future depends on your skepticism.

© 2025 ScamWatchHQ. May be shared freely for educational purposes with attribution.