South Korean police have arrested a gang of cybercriminals who used deception and social engineering to scam millions from the clients of massage parlors.
Between January 2022 and March 2025, the gang allegedly used phishing attacks to trick multiple massage parlor owners into installing malware disguised as a legitimate business program.
Using this malicious app, they stole the names, contact details, and text message records of male clients. This was then used to write personalized blackmail messages to victims.
The hackers would send claims such as: “We’ve installed cameras in the massage rooms. We’ll leak the recorded videos to your acquaintances,” local media reports.
The Cyber Investigation Unit of the Gyeonggi Nambu Provincial Police Agency said that these blackmail claims were completely false. No illegal filming actually took place and the threats were empty.
But the fear and embarrassment alone was enough for the gang to successfully extort a total of 1.7 billion Won ($1.16 million USD) from victims.
The gang’s setup was sophisticated. They had a dedicated office, equipment, and a payment withdrawal setup.
Police uncovered the operation during an unrelated investigation. Over 15 members of the gang were questioned, and five have now been referred for prosecution, including a ringleader.
Phishing scams, including completely false claims for extortion, continue to be a major driver of digital crimes. They can have a devastating impact on businesses and individuals.
The scams are a major issue in South Korea in particular, where financial losses have reportedly soared to nearly 800 billion won ($575 million) in 2025.
A South Korean police official stated, “Apps installed through unofficial channels, not official app stores or websites, can lead to personal information leaks or phishing damage.”
Businesses and individuals should be vigilant about potential phishing scams and report suspicious messages to local law enforcement.
Read Next
- Our guide to the Best Phishing Protection Solutions.
