Phishing emails disguised as Naver Plus membership payment notifications are being circulated, aiming to steal user account information. These emails trick users into clicking links that lead to fake security pages where they are prompted to enter their passwords.
According to the IT industry on May 17, Naver has issued a warning through its customer service about phishing emails posing as "Naver Plus Membership Payment Completed" notifications, urging users to exercise caution.
Naver stated, "The phishing emails are titled '[MemberShip] Membership Payment Completed' or '[MemberShip] Payment Completed,'" adding that clicking the 'Go to My Membership' button in the email directs users to a phishing site that requests their passwords.
This phishing attempt is notable for its similarity to the actual Naver ID security settings page, specifically the 'Password Reconfirmation' screen. It deceives users into thinking they need to re-enter their password for security purposes while already logged in.
Two variations of the phishing email have been identified, differing in payment dates and button colors. This is a common characteristic of large-scale phishing campaigns.
Naver noted that the phishing email titles include '[MemberShip] Membership Payment Completed' or '[MemberShip] Payment Completed.' The company clarified, "Official Naver notification emails do not use this format."
Users should also carefully check the sender's email address, as phishing emails use domains other than the official Naver domain 'navercorp.com.'
Additionally, clicking the 'Go to My Membership' button in the phishing email redirects users to a fraudulent domain. The phishing email browser displays a warning labeled 'Attention Required.' Naver emphasized, "Naver login and security settings pages only request information from 'nid.naver.com.'"
If users have entered their account information on the phishing page, they should change their Naver account password as soon as possible. They should also update passwords for any other sites using the same ID and password as their Naver account.
Phishing attempts impersonating Naver have been repeatedly confirmed. Last August, a new phishing scheme exploiting the frequently used 'easy login' feature was discovered.
Naver has previously advised users to verify the domain in the browser's address bar when using the easy login feature.
* This article has been translated by AI.
Copyright ⓒ Aju Press All rights reserved.