---
title: "How Are \"Ghost Accounts\" Created, and How Can They Be Prevented?"
locale: en
category: how_to
category_name: "How-to"
translation_status: reviewed
license: cc_by
author: "Injoys Editorial Team"
source_url: https://injoys.com/en/articles/daepotongjang-voice-phishing-prevention
published_at: 2026-07-09T22:23:44+09:00
---

# How Are "Ghost Accounts" Created, and How Can They Be Prevented?

> A "straw account" is an account where the account holder and the actual controller are different, and it is often misused to transfer funds obtained through voice phishing scams. This article summarizes common scams—such as high-paying part-time jobs, refunds for mistaken transfers, purchasing and currency exchange services, and personal information theft—along with preventive measures, based on Korean standards.

## Key Points

- A "straw account" is an account where the account holder and the actual controller or user are different; it is misused to transfer funds obtained through voice phishing and to evade financial tracking.
- Transferring or lending access devices—such as bankbooks, debit cards, passwords, and OTPs—in exchange for compensation is punishable under the Electronic Financial Transactions Act.
- Requests for re-transfers disguised as high-paying part-time jobs, shopping services, currency exchange, loan processing, or the return of mistakenly sent funds are common red flags used to recruit people for "ghost accounts."
- If you receive an unexpected deposit, do not transfer it to anyone else; instead, report it immediately to your financial institution so it can be processed through the official refund procedure.
- If you suspect a personal information leak, you should take safety measures such as checking accounts in your name, blocking remote account openings, and, if necessary, freezing your accounts.

A “front account” is a bank account used in financial crimes such as voice phishing, loan fraud, illegal gambling, and romance scams to temporarily receive or transfer stolen funds. While they may appear to be normal accounts on the surface, in reality, they are often controlled by criminal organizations rather than the account holder, or the account holder is unwittingly drawn into the flow of funds without realizing the criminal nature of the activity.

This article is not intended to replicate criminal methods but serves as a safety guide to help readers understand how victims are deceived and what preventive measures to take.

## What Is a “Dapo” Account?

A “straw account” generally refers to an account where the registered holder is different from the actual user or controller. Here, the term “account” does not refer solely to a paper passbook. It also includes any means of access that can be used to manage the account, such as internet banking, mobile banking, debit cards, ATM cards, passwords, OTPs, and digital certificates.

Under South Korea’s Electronic Financial Transactions Act, these means are broadly classified as “access media.” Transferring access media to others, lending them in exchange for money, storing, delivering, or distributing them, or brokering or advertising such activities may be subject to punishment.

### Key Definitions

| Term | Meaning | Points to Note |
|---|---|---|
| Front Account | An account where the registered holder and the actual controller are different | Even if the account is in your name, it can become a problem if someone else uses it. |
| Access Medium | A means of accessing an account | May include passbooks, cards, passwords, OTPs, and certificates. |
| Account Used for Fraud | An account suspected of having received or been used for proceeds from telecommunications financial fraud | May be subject to payment suspension, transaction restrictions, or victim reimbursement procedures. |
| Mistaken Transfer | A transfer sent by mistake | It is safer to use the procedures provided by financial institutions or the Korea Deposit Insurance Corporation rather than attempting a direct return between individuals. |

## Common Methods Fraudsters Use to Obtain “Straw Accounts”

While “straw accounts” are sometimes “newly created,” in reality, they are often obtained by borrowing, stealing, or deceiving others to gain access to their accounts. The types listed below are high-risk warning signs to watch out for.

| Method | Surface-Level Claim | Actual Risk | Safe Response |
|---|---|---|---|
| Short-term, high-yield part-time job | “We’ll pay you a stipend just for lending your bank account” or “account verification tasks” | You may face criminal charges for lending, transferring, or providing access to your account. | Never hand over your bankbook, card, password, or OTP. |
| Purchase代行, currency exchange, or settlement part-time jobs | Transferring deposited funds to another account or delivering them in cash | You may become a money mule or a money laundering conduit. | If a job requires you to receive company funds into your personal account, verify the contract, business registration, and official payroll system before refusing. |
| Disguised as an Erroneous Transfer | “I sent this to the wrong account; please transfer it back to my personal account” | This could create a scheme where fraud proceeds pass through your account. | Report it to the bank first and follow the official refund procedure. |
| Loan Processing/Credit Score Improvement | “You need to build a transaction history to get a loan approved.” | You may be drawn into fraudulent transactions, ghost accounts, or loan scams. | Stop any requests for advance payments, repayments to third-party accounts, or proof of transaction history, and verify the matter with the official customer service center. |
| Personal Information Theft and Identity Theft | Requests for photos of ID cards, verification codes, or remote control apps | Accounts may be opened in your name without your knowledge, or your account may be hijacked. | Do not share your ID card, verification codes, security cards, or app authorization requests. |
| Ads for Buying and Selling Accounts | “Buying dormant accounts” or “Buying debit cards” | This is highly likely to lead to clearly illegal transactions. | Report the ad and do not contact them. |

## Why Do Voice Phishing Organizations Use “Straw Accounts”?

Voice phishing organizations do not receive money sent by victims directly into accounts in their own names. This is because law enforcement agencies and financial institutions can track the flow of funds and freeze payments. Therefore, they use multiple accounts as intermediate stopovers to split the stolen funds or attempt to move them through cash withdrawals, re-transfers, or the purchase of virtual assets.

The reason dummy accounts are dangerous is that even if the account holder was deceived like the victim, the account name and transaction records remain on file. In particular, if you receive money into your own account and then re-transfer it or hand it over in cash following someone else’s instructions, you may find yourself in a situation where you must prove—during investigations and financial institution reviews—whether you are a “mere victim” or a “mule or provider of a straw account.”

## Legal Penalties and Adverse Effects on Financial Transactions

Under South Korean law, acts such as transferring or acquiring access media; lending, storing, delivering, or distributing access media in exchange for compensation; providing access media for the purpose of criminal use or while knowing it will be used for criminal purposes; or brokering, mediating, advertising, or soliciting such acts may constitute a violation of the Electronic Financial Transactions Act. The “Easy-to-Find Information on Everyday Laws” guide states that such violations may be punishable by up to five years in prison or a fine of up to 30 million won.

Furthermore, if a person involved in “straw account” transactions is registered as a violator of financial order, they may face disadvantages when applying for new loans, credit cards, opening bank accounts, or purchasing insurance. Guidance materials from the Financial Supervisory Service posted on “Policy Briefing” explain that information regarding violations of financial order is shared among financial institutions for a certain period and used in credit assessments, meaning adverse effects may persist for up to 12 years.

### Why Simply Saying “I Didn’t Know” Isn’t Enough

In reality, scammers use language designed to make their activities sound like “legitimate part-time work,” “tax-free settlements,” “loan processing procedures,” or “company fund transfers.” However, if you transferred money received in your own account or handed it over in cash as instructed, the question may arise as to whether you had reason to suspect that the transaction was unusual.

However, it is important to distinguish between cases where your personal information was stolen and an account was opened without your knowledge, and cases where you personally handed over your bankbook, card, or password. If you suspect identity theft, report it as soon as possible to financial institutions, the police, or the Financial Supervisory Service, and preserve evidence proving that you were not involved.

## Steps to Take When Receiving an Unidentified Deposit

As a general rule, do not directly return the funds even if an unknown person contacts you claiming it was a “mistaken transfer” and asks you to send it back. While it may genuinely be a mistaken transfer, it could also be an attempt to use your account as a transit point for proceeds from a crime.

1. Take a screenshot of the deposit details, including the sender’s name, time, and amount.
2. Immediately report the incident to the customer service center or a branch of the bank where the deposit was made.
3. Do not transfer funds directly to any account provided by the other party.
4. Check the bank’s guidelines for returning mistaken transfers or the Deposit Insurance Corporation’s procedures for assisting with the return of mistaken transfers.
5. If there are signs of voice phishing, extortion, or loan fraud, report it to the police (112), the Financial Supervisory Service (1332), or the financial institution’s customer service center.

## If Your Personal Information Has Been Stolen or You Suspect Identity Theft

If you have provided a photo of your ID, your Resident Registration Number, account number, password, verification code, security card, OTP, digital certificate, or remote control access to your cell phone, your account may be directly compromised or misused to open an account remotely.

### Items to Check Immediately

- Check your accounts under your name using the Integrated Account Management Service or AccountInfo.
- Check for any unknown accounts, unknown automatic transfers, or signs of unknown card or loan applications.
- Contact your financial institution to inquire about blocking remote account openings, restricting withdrawals, and resetting your password.
- Delete any remote control apps, apps from unknown sources, or text-forwarding apps installed on your smartphone, and run a security scan.
- If a copy of your ID has been leaked, check whether you can request a reissue and register with financial institutions to prevent fraud.

## Checklist for Identifying “Ghost Account” Recruitment

If any of the following items apply, stop the transaction immediately and verify the situation.

- They offer payment based on a “per-transaction fee” rather than a salary.
- They ask you to receive an unknown payment into your account and then transfer it to another account.
- They ask you to send loan repayments or security deposits to a personal account rather than a company account.
- They request a photo of your ID, your account password, OTP code, or verification code.
- They ask about your account number, whether you can provide a card, or whether you can make withdrawals before discussing the actual job details.
- They give instructions exclusively via messaging apps like KakaoTalk or Telegram, and their official business information is unclear.
- They say, “Never tell your bank,” “This is necessary for tax purposes,” or “It will improve your credit score.”

## Prevention Guidelines

The most important rule is simple: Use your account only for purposes you have personally verified, and never give anyone the means to access your account.

### Principles for Individuals

- While you should be cautious even about sharing just your account number, providing your card, password, OTP, or verification code is especially dangerous.
- If the source of deposited funds is unclear, do not use or transfer the money; report it to your bank first.
- Verify loan consultations only through a financial institution’s official app, website, or customer service hotline.
- Even if a job posting pretends to be for financial work, refuse any position that requires you to receive funds, re-transfer money, or deliver cash.
- Share the principle of “reporting unknown deposits to the bank first” with your family as well.

### Principles for Businesses and Operators

- Do not require settlement tasks using personal accounts in job postings.
- Process customer refunds through accounts in the business’s name and follow standard accounting procedures.
- Do not allow employees to receive company funds into their personal accounts.
- Document procedures for reporting suspicious transactions and internal approval processes.

## Red Flags from Real-Life Cases

### Case 1: A Request to Immediately Return Funds Claiming a “Mistaken Transfer”

A stranger sends 800,000 won and says, “I sent this by mistake; please send it back to this account.” If you transfer funds to the account provided by the other party, your account could be used as a conduit for the stolen funds. You should report this to your bank and return the funds according to the bank’s instructions.

### Case 2: Part-time Job Offering “Purchase Agency Settlement”

A company claiming to be a shopping agency tells you that customer funds will be deposited into your personal account and instructs you to transfer the amount minus a certain fee to another account. A legitimate company would have procedures in place, such as an account in the business’s name, tax invoices, payroll payments, and contracts. A system that repeatedly routes funds through personal accounts is extremely dangerous.

### Case 3: Requests for Deposits or Repayments Before Loan Approval

Someone impersonating a financial institution employee asks you to transfer your existing loan balance to a specific individual or an unfamiliar corporate account in order to approve a refinancing loan. The Financial Services Commission warns that requesting loan repayments to third-party accounts is a fraud scheme involving “ghost accounts.” You must verify the authenticity of the request through the official app or the main customer service number.

## At-a-Glance Response Chart

| Situation | What Not to Do | What to Do |
|---|---|---|
| Request to lend bankbook or card | Accepting money and lending it out | Refuse immediately and report the ad or account |
| Unexpected Deposit | Personally forward the funds | Report it to the bank’s customer service center or branch |
| Voice Phishing Money Transfer Scam | Continue talking to the scammer | Call 112 or 1332, and request a payment freeze from the financial institution |
| Personal Information Leak | Providing Additional Verification Codes | Change your password; check your account status; confirm that account opening is blocked |
| My Account Has Been Frozen | Ignoring the issue or providing arbitrary explanations | Submit evidence clarifying the facts to the bank’s incident response department |

## Conclusion

Straw accounts are a key tool used by criminal organizations to hide stolen funds. Statements such as “Just lend me your bank account,” “Just send me the money that was deposited,” or “It was a mistaken transfer, so please return it immediately” are all red flags. The safest course of action is to never hand over your account access credentials, never move funds from unknown sources without authorization, and always follow official procedures through the bank, police, the Financial Supervisory Service, or the Korea Deposit Insurance Corporation.

## FAQ

### What exactly is a "cannon account"?
A "straw account" refers to an account where the account holder is different from the person who actually controls or uses it. Voice phishing organizations do not receive the stolen funds directly; instead, they use these accounts as intermediaries to make it difficult to trace the funds and freeze the payments.

### Can an account become a "ghost account" just by providing the account number?
Simply providing your account number doesn’t necessarily mean your account will be used for fraudulent purposes, but it’s dangerous to accept money from unknown sources and then transfer it or hand it over in cash as instructed by someone else. You must never provide any means of accessing your account, such as your card, password, OTP, or verification code.

### What penalties could I face if I lend my bank account to someone else?
Under the Electronic Financial Transactions Act, acts such as transferring or acquiring access devices, or renting, storing, delivering, or distributing them in exchange for compensation, are subject to punishment. “Easy-to-Find Information on Everyday Laws” states that violations of this law may result in imprisonment for up to five years or a fine of up to 30 million won.

### Is it a problem if I just transferred the money I earned from a high-paying part-time job?
This could be a problem. That’s because such tasks are sometimes actually used to transfer funds obtained through voice phishing or for money laundering. If your job involves transferring money received into your account to another account or handing it over in cash, it’s safest to stop immediately and consult with a financial institution or law enforcement agency.

### What should I do if I receive a deposit from an unknown sender and am then contacted saying it was a mistaken transfer?
Do not transfer money directly to the account provided by the other party; instead, report it first to the customer service center or a branch of the bank where the funds were deposited. Even if it is a genuine mistaken transfer, it is safer to have the funds returned through the official procedures of the financial institution or the Deposit Insurance Corporation.

### Can someone open a bank account using my personal information without my knowledge?
If your ID photo, verification code, account password, or permissions for remote control apps are leaked, the risk of identity theft or account takeover increases. You should check the accounts registered under your name, and if you find any unfamiliar accounts, report them to your financial institution and the police to clarify the situation.

### Can I trust someone who tells me to send a loan payment to their personal account?
Please be cautious. The Financial Services Commission warns that requests to repay loans via someone else’s bank account are a form of voice phishing that uses “ghost accounts.” You should verify any requests for loan-related payments through a financial institution’s official app, website, or customer service hotline.

### If I'm registered as the holder of a "ghost account," will my financial transactions be restricted?
That is possible. A notice from the Financial Supervisory Service posted on Policy Briefing explains that if a person involved in transactions using “ghost accounts” is registered as a violator of financial order, they may face disadvantages when applying for new loans, using credit cards, opening bank accounts, or purchasing insurance.

### If I've already sent money to a voice phishing scammer, where should I report it?
You should immediately contact the National Police Agency at 112, the Financial Supervisory Service at 1332, and the customer service center of the financial institution through which the funds were sent or received to report the incident and request that the payment be stopped. It is important not to delay, as the longer you wait, the greater the likelihood that the money will be transferred.

### What should I do if I see an ad recruiting people for "ghost accounts"?
It is safer to use the platform’s reporting feature, report illegal financial activities to the Financial Supervisory Service, or file a police report rather than contacting the advertiser. Phrases such as “Buying bank accounts,” “High returns for lending your account,” and “Get a commission just by sending your credit card” are clear red flags.

## Sources

- [Easy-to-Find Information on Everyday Laws: Prohibition on Transfer of Access Devices, etc.](https://easylaw.go.kr/CSP/CnpClsMainBtr.laf?ccfNo=2&cciNo=2&cnpClsNo=1&csmSeq=1771&menuType=onhunqna&popMenu=ov)
- [National Law Information Center: Article 6 of the Electronic Financial Transactions Act](https://www.law.go.kr/LSW/LsiJoLinkP.do?docType=JO&joNo=000600000&languageType=KO&lsNm=%EC%A0%84%EC%9E%90%EA%B8%88%EC%9C%B5%EA%B1%B0%EB%9E%98%EB%B2%95&paras=1)
- [Financial Services Commission: 10 Tips for Preventing Voice Phishing Scams](https://www.fsc.go.kr/po010101/86250?curPage=1&srchBeginDt=&srchCtgry=&srchEndDt=%2F1000&srchKey=&srchText=)
- [Republic of Korea Policy Briefing: Financial Transactions Restricted for Up to 12 Years for Those Involved in "Ghost Account" Transactions](https://www.korea.kr/news/policyNewsView.do?newsId=148810541)
- [Financial Services Commission: Guidance on Improvements to Transaction Limits for Accounts with Transaction Limits and Sanctions Against Accounts Used for Fraud](https://www.fsc.go.kr/po010101/82205?curPage=4&srchBeginDt=&srchCtgry=1&srchEndDt=&srchKey=&srchText=)
- [Korea Deposit Insurance Corporation Financial Security Portal: Procedures for Assistance in Recovering Accidental Money Transfers](https://fins.kdic.or.kr/ir/aplygudn/MtrsGvbkSprtProc/selectScrn.do)
- [Integrated Account Information Management Service: All My Accounts at a Glance](https://www.payinfo.or.kr/gatePay.html)
- [Guide to Financial Fraud Relief: Reporting Agencies and Payment Suspensions](https://www.kfcpf.or.kr/front/protect/reportingAgency.do)

## Images

![Vector scene of a shield and lock protecting bank cards, a passbook, and mobile banking from scam money flows](https://injoys.com/rails/active_storage/blobs/redirect/eyJfcmFpbHMiOnsiZGF0YSI6MTA4NywicHVyIjoiYmxvYl9pZCJ9fQ==--f1d905bcb97bbfa1e4bd3a93349467ecfb666677/ChatGPT%20Image%202026%E1%84%82%E1%85%A7%E1%86%AB%207%E1%84%8B%E1%85%AF%E1%86%AF%209%E1%84%8B%E1%85%B5%E1%86%AF%20%E1%84%8B%E1%85%A9%E1%84%92%E1%85%AE%2010_03_04.webp)
![Vector scene showing an unknown deposit alert, blocked retransfer path, bank support, and verification steps](https://injoys.com/rails/active_storage/blobs/redirect/eyJfcmFpbHMiOnsiZGF0YSI6MTA5NCwicHVyIjoiYmxvYl9pZCJ9fQ==--7be392e49d422a11b102a7f933e0a7dcd157f85d/ChatGPT%20Image%202026%E1%84%82%E1%85%A7%E1%86%AB%207%E1%84%8B%E1%85%AF%E1%86%AF%209%E1%84%8B%E1%85%B5%E1%86%AF%20%E1%84%8B%E1%85%A9%E1%84%92%E1%85%AE%2010_09_09.webp)