In the first nine months of 2024, the Information Security Authority under the Ministry of Information and Communications received over 22,210 complaints related to online scams. These scams have evolved from simple identity theft to complex investment frauds and, more recently, fraudulent government service applications and websites.
A notable case involved a resident of Pleiku City of Gia Lai Province, who was tricked into transferring VND850 million (US$33,420). The perpetrator lured the victim to a fake website, stole their personal information, and coerced them into making the transfer. Fortunately, the Gia Lai Provincial Police were able to recover the fund and return to the victim.
Ill-intention people usually collect published personal information of an individual via social network sites before luring that person to follow their script and access fake legitimate government, financial services platforms, or install scamming applications. They then entice the victim to enter sensitive data (citizen ID card number, one-time password aka OTP of a money transfer), which normally grants the criminals access to the victim’s accounts and enables them to transfer funds.
To protect against these scams, information security experts recommend the following:
- Only download apps from trusted sources (App Store and Play Store).
- Verify the authenticity of website URLs.
- Only access a link with the prefix of https and official websites of an organization.
Bkav Cybersecurity Co. has just released a warning to the public as millions of people in Vietnam are being tricked by fake Zalo websites, namely zaloweb.me and zaloweb.vn. The formal website of Zalo is https://oa.zalo.me. Thus, when entering the two fake websites and clicking the sign-in button, users are redirected to advertising websites for football gambling, adult material, or those with viruses to steal personal information.
Director Ngo Tran Vu of NTS Security Co. cautioned that cybercriminal groups often operate in a coordinated manner, following well-defined scripts. However, he noted a common pattern in their tactics, which typically involve requests for sensitive information such as citizen ID card numbers, OTPs, bank account details, and funds transfers. Identifying these requests is crucial to avoiding falling victim to phishing scams.
Creating fraudulent apps and websites is relatively straightforward for individuals with basic programming skills. By copying the interface of legitimate platforms, utilizing open-source code, or even employing AI-generated content, cybercriminals can create highly convincing replicas. While the main interface of a fake app or website may closely resemble the original, a closer inspection of the details often reveals inconsistencies.
Technical Director Vu Ngoc Son of the Vietnam National Cyber Security Technology Corporation (NCS) emphasized the growing trend of phishing attacks targeting mobile applications. He noted that recent incidents have shown cybercriminals focusing on mimicking banking and government services, aiming to trick users into downloading malicious apps that can compromise their devices and steal their personal information or money from bank accounts.
To combat this threat, the National Cybersecurity Association has launched nTrust, a free mobile app designed to help users detect fraudulent apps and websites. nTrust leverages a comprehensive database maintained by government agencies, including the Ministry of Public Security, the Ministry of Information and Communications, and the State Bank of Vietnam. The app is continuously updated based on user reports and can automatically alert users when it detects a malicious app or website.
