More than half of phishing text messages are impersonating financial institutions, according to a new report.
AhnLab (053800.KQ), a South Korean cybersecurity firm, released its "Q4 2024 Phishing Text Trend Report" on Tuesday, analyzing various phishing texts detected through its agentic artificial intelligence-based security platform "AhnLab AI PLUS" from October to December last year.
Financial institution impersonation was the most common type of phishing text attack in Q4, accounting for 46.93% of all cases—nearly half of the total. This was followed by government and public institution impersonation (16.93%), job scams (14.40%), Telegram impersonation (9.82%), loan scams (5.87%), delivery company impersonation (3.32%), fake condolence messages (1.47%), fake IPO subscription notices (0.70%), fake wedding invitations (0.39%), and family member impersonation (0.17%).
The financial institution impersonation category showed a sharp increase of 343.6% compared to the previous quarter. Typical cases involve messages claiming "card issuance complete" or "transaction history notification," urging users to report immediately if they did not apply for or make such transactions—exploiting psychological anxiety. Methods consistently observed include inserting phishing site URLs or fake customer service phone numbers in the message body and requesting personal information under the guise of reporting procedures.
By industry sector impersonated, government and public institutions accounted for 10.16%, followed by financial institutions (4.53%), logistics (1.04%), and others (84.24%).
Attacks impersonating government and public institutions closely related to daily life represented a relatively large share. Meanwhile, financial institution impersonation, which ranked first by attack type, often used only finance-related keywords rather than directly naming specific financial companies, placing it second in the industry sector statistics. Considering that the "others" category accounts for more than 80% of the total, AhnLab explained that attackers are expanding their strategies from impersonating specific institutions or individuals to more versatile "situation-disguised" attacks.
In Q4, URL insertion remained the dominant phishing method at 98.89%, while luring victims to mobile messengers accounted for only 1.11%.
This shows that attackers continue to refine URL-based attacks with proven high success rates rather than attempting new technical approaches. Although the attack method is simple, caution is needed as it can cause significant damage by exploiting user psychology and behavior.
To prevent damage from phishing texts, users should follow basic security practices: avoid clicking URLs from unclear senders, verify the reputation of suspicious phone numbers, block international text messages if unnecessary for work or daily life, and install smartphone security products such as V3 Mobile Security.
"Phishing text attacks continue to evolve, but because they exploit high-interest issues like money and job hunting or seasonal themes closely related to users' daily lives, patterns similar to last year may continue this year," AhnLab said. "With the Lunar New Year holiday approaching, sharing representative phishing methods with family and acquaintances in advance and raising awareness can sufficiently prevent damage."