In an unprecedented incident, a South Korean government-affiliated institution has fallen victim to a phishing scam, resulting in a substantial loss of funds. According to Korean media reports, the Korea Institute of Startup and Entrepreneurship Development (KISED), operating under the Ministry of SMEs and Startups, transferred 175 million won (135,000 USD) to an overseas criminal group after being tricked by a sophisticated e-mail phishing scheme. The unfortunate event serves as a stern reminder of the increasing need for enhanced cybersecurity measures in both public and private sectors.
According to the Sejong government department and the National Police Agency, the phishing incident occurred within the ‘K-Startup Center’ framework carried out by KISED. It is a large-scale project in which 298.9 billion won (235 million USD) was invested to help 201 startups advance overseas. As part of this project, KISED, which is responsible for overseeing it, had entered into a business collaboration with Rainmaking, a European startup accelerator, earlier this year. Rainmaking is a global venture capital firm that focuses on investing in and scaling early-stage startups.
The incident happened in early June. Rainmaking requested by e-mail an advance payment (50%) of 135,000 USD (175 million won) to an HSBC bank account. The deception unfolded when a phishing criminal gained unauthorized access to the e-mail communication between KISED and Rainmaking. Posing as Rainmaking, the criminal studied the conversation history and changed the sender's e-mail domain to ‘@rainmaking-in.com’, which closely resembles the legitimate ‘@rainmaking.io’. The criminal then sent an e-mail to KISED, requesting a 50% advance payment of $135,000 (175 million won) to be transferred to an HSBC bank account.
A KISED official said, “The results of our internal investigation revealed that the phishing incident occurred when communication was carried out not with Rainmaking’s actual email account, ‘[email protected]’, but rather a fraudulent account with a slightly altered ending, ‘[email protected]’, leading to the fraudulent money transfer.”
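The domain substitution described above (‘@rainmaking-in.com’ in place of ‘@rainmaking.io’) is something a mail-side check can flag before a payment request reaches finance staff. The following Python is an added example, not taken from the original report or from KISED; the allowlist, function names, similarity threshold and sample headers are assumptions constructed for illustration, and only the two domains come from the article.

```python
import re
from difflib import SequenceMatcher
from email.utils import parseaddr

# Assumption: vendor domains confirmed out of band (contract, onboarding call).
KNOWN_VENDOR_DOMAINS = {"rainmaking.io"}
SIMILARITY_THRESHOLD = 0.8  # assumed cut-off; tune against real mail


def sender_domain(from_header):
    """Return the lower-cased domain of a From header, or '' if none."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")


def brand_tokens(domain):
    """Name tokens left of the TLD, split on dots, hyphens and underscores.

    Simplification: the last label is treated as the TLD (no public suffix
    list), and tokens under 4 characters ('in', 'co') are ignored.
    """
    labels = domain.split(".")[:-1]
    return {t for label in labels for t in re.split(r"[-_]", label) if len(t) >= 4}


def classify_sender(from_header, known=KNOWN_VENDOR_DOMAINS):
    """Classify a sender as 'known', 'lookalike', 'unknown' or 'unparseable'."""
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    if any(domain == k or domain.endswith("." + k) for k in known):
        return "known"
    for k in known:
        for ours in brand_tokens(k):
            for theirs in brand_tokens(domain):
                if SequenceMatcher(None, ours, theirs).ratio() >= SIMILARITY_THRESHOLD:
                    return "lookalike"  # hold for call-back verification
    return "unknown"


if __name__ == "__main__":
    # Constructed headers; only the two domains come from the report.
    for header in ("Rainmaking <accounts@rainmaking.io>",
                   "Rainmaking <accounts@rainmaking-in.com>",
                   "Newsletter <news@example.org>"):
        print(f"{classify_sender(header):10} {header}")
```

A ‘lookalike’ verdict on a message that asks for payment or new bank details is a cue to confirm the request through a phone number already on file rather than by replying in the thread.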
Unaware of the ruse, KISED authorized the transfer of the funds at the end of June, believing it to be a legitimate request. However, several days later, when Rainmaking inquired about the missing payment, KISED realized that the transferred amount had been sent to the wrong account. Promptly reporting the incident to the authorities, KISED requested an investigation by the National Police Agency to identify the culprits responsible.
The consequences of this phishing attack extend beyond financial loss, as the Institute for Startup Promotion now faces the risk of forfeiting over 100 million won (78k USD) in government funds. This incident marks the first time a government public institution has fallen victim to such a scam, highlighting the urgent need for increased vigilance and strengthened cybersecurity protocols in public organizations.
KISED and relevant government departments have taken immediate measures to bolster the security infrastructure of public institutions, raising awareness about phishing scams and urging employees to exercise caution when handling sensitive financial matters. Efforts are also underway to apprehend the criminals responsible and recover the lost funds.
As the investigation progresses, it is hoped that this incident will serve as a wake-up call for government entities and businesses alike to prioritize cybersecurity and implement robust measures to safeguard against evolving threats in the digital landscape.