LINE Phishing Scam steals your SMS authentication code
LINE is a messaging app widely used in Asia. In Japan in particular, it’s the most popular messaging app.
Unfortunately, the largest market share means many criminals want to steal accounts. LINE now suffers from Phishing Sites.
In this article, I show a LINE Phishing Site and how it works.
There are several actors behind the LINE Phishing Scam. Their Phishing Websites are different, which means they use different PhishKits.
Methods to make victims access Phishing Sites
Phishing Mail
LINE Phishing scammers send characteristic Phishing mails, “[LINE緊急問題]” (LINE Emergency Problem).
The mails say “お客様のLINEアカウントに異常ログインされたことがありました。” (There was an abnormal login to your LINE account.) and lead the reader to a Phishing Link. Of course, the link text is tampered with using the <a> element, so the text shown is not the real destination.
The Phishing Link carries a tracking token, but the Phishing Sites work without this token.
Phishing Talk
LINE is a messaging app, so “Talk” is an effective method to make victims access a Phishing Site.
Once Phishers get a victim’s account, they sometimes “Talk” to the victim’s Friends, including a Phishing Site’s URL in the message.
There are several types of LINE account: (1) the normal account and (2) the LINE@ account. (2) is used by a Shop/Organisation/Company to make announcements. Therefore, when a LINE@ account is compromised, it leads to a giant “Phishing Talk”.
On Feb. 13th 2020, the LINE@ account of the men’s cosmetics brand HMENZ was compromised and used to “Talk” a Phishing URL with a luring message.
Real Man-in-the-Middle
Before showing how the LINE Phishing Website works, I explain the whole system.
The most important point is that they steal not only the ID/password but also the OTP (One-Time Password), by using a Man-in-the-Middle method. So 2FA with an SMS authentication code is useless.
We must understand that MFA with a simple string OTP is helpless against Phishing and Social Engineering.
How does it work?
Now let’s look at a “real” Phishing Site and how it works.
First, they steal the ID/password, i.e. the e-mail address and password. Now the Phishers have the 1st credential.
Next, the Phishers urge victims to input their phone number.
Now the Phishers are ready! They start the LINE app on their own smartphone and wait for the victim’s SMS AuthCode.
If a poor victim inputs the SMS Authentication Code into the Phishing Site, the Phishers can log in.
One more thing…
LINE has a complex login system to cope with users upgrading to a new mobile phone. So the Phishers need another OTP, the Transfer Verification Code.
But this is easy: the Phishers use the same method. They urge victims to input that code as well.
The Transfer Verification Code is also sent by SMS. Poor victims input the code into the Phishing Site…
And that’s all! The Phishers have completely compromised the victim’s account.
Other Phishing using the same method
These days, Japanese banks are also suffering from Phishing Sites.
Of course they provide OTP: SMS-based, hardware token-based, smartphone app-based, and so on. But the Phishers’ method is the same. They wait behind a Phishing Site for the OTP to be input, and log in to the bank account.
LINE’s announcement
LINE announced these methods in detail (LINEへの不正ログインに対する注意喚起, “Warning about unauthorized logins to LINE”). They also announced how many accounts were compromised. I think this is really honourable.
LINE Corp. has a Transparency Report, so this announcement meets the needs.
Conclusion
- MFA (Multi-Factor Authentication) is important to protect your account, but a simple string OTP is helpless against MITM (Man-in-the-Middle) attacks such as Phishing Sites.
- Don’t click/tap URLs in SMS/e-mail. You should think “Is this a trap?” every time.