L.S. from Go Vap District of Ho Chi Minh City suddenly received a call instructing her to upgrade her 3G SIM to a 5G one by sending an SMS with the content ‘DS’ to the number 901. Seeing that this is a free service, plus a promise of free data packages, L.S. followed the instruction. About 10 minutes later, she discovered she lost nearly 2 million VND in her e-wallet linked to her phone number.
Functional agencies explained that the above SMS is used to transfer a current SIM to a new blank one, and users lose the control of that SIM. All calls and SMS will be then sent to the new SIM under the control of criminals. Thus, they can easily use the OTP authentication with that phone number to sign in bank accounts, e-wallet accounts of victims to steal money.
Criminals usually impersonate customer service representatives of major mobile network carriers and contact phone subscribers for troubleshooting purposes. They normally instruct users to send a functional SMS so that they can take control of users’ current SIM.
One typical SMS content used by these criminals is ‘**21*#’, which is a Call Forward function offered by carriers for phone owners to forward their calls and SMS to a new number. After victims finish this action, criminals easily see all OTP authentication codes of those victims and use them to sign in important accounts.
An experienced e-wallet user advised that people should not put too much money in an e-wallet, and transfer sufficient amounts from banks when needed is a wiser choice.
VinaPhone also warns its customers against sending the code ‘**21*Số điện thoại#’ when being instructed by a strange call. Also, if customers discover that their phone cannot receive any calls, they have to immediate send the SMS ‘##21#’ to cancel the Call Forward function, followed by contacting VinaPhone’s free hotline 18001091 to check the security status.
Similarly, MobiFone subscribers need to dial its hotline 9090 to verify whether the person contacting them are truly MobiFone employees or not. They are warned against sharing their OTP codes, passwords, sensitive information, bank accounts, PIN code to unreliable sources.
Since most cases of information leak are because of users’ carelessness, MobiFone advises that when an incident is detected, victims must contact network carriers or the local police posts at once for proper solutions.
Viettel asks that its customers strictly observe all laws of the country as well as its regulations regarding sign-up information provision. Users are advised to beware of calls from strangers for SIM upgrade or prize winning purposes.
To better protect their SIM, mobile phone users are recommended to install apps to provide 2-leveled authentication like Google Authenticator, Authy or Microsoft Authenticator.
The PIN code for a SIM is a 4-digit string, which is required every time users restart their phone, remove or insert a SIM into a phone. Incorrect input of this code equals to SIM locking status. This will prevent criminals from using the SIM in case a phone is stolen, and users have not told network carriers to lock the SIM yet.