5 new scams exploiting biometric authentication in banking transactions.

Since late last year, many security experts have predicted that cyberattacks will increase in 2024, primarily targeting smartphone users. This is because, in the context of today's rapid digital transformation, smartphones are becoming increasingly important to many people in both their personal and professional lives, making them an attractive target for cybercriminals.

Below are five online scams that the Vietnam Information Security Agency has recently advised Vietnamese Internet users to be vigilant about:

Impersonating bank employees to trick people into giving verification instructions in order to steal money.

Taking advantage of the regulation requiring biometric data updates on online banking applications, which came into effect on July 1st, in recent days, some individuals have impersonated bank employees to proactively contact users and commit fraud, stealing their assets.

Specifically, when contacting bank users, the impersonators request victims to provide personal data such as home address, photos of both sides of their citizen identification card, and bank account information. In many cases, the scammers even entice people to make video calls to collect the victim's voice, facial expressions, and gestures. After successfully stealing the data, the scammers can easily log into banking applications, online payment systems, and carry out money transfer transactions from the victim's account, thus misappropriating assets.

Furthermore, some perpetrators trick people into downloading fake applications containing malware via links attached in messages. Once victims download these applications to their phones, the perpetrators can easily monitor the actions the victims perform on their devices, thereby exploiting more sensitive information.

In response to the aforementioned new scam, the Cybersecurity Department advises people to be vigilant when receiving messages or calls instructing them to update biometric data. When contacted by individuals claiming to be bank employees or police officers, people should verify their identity. People should also avoid clicking on suspicious links and installing applications from unknown sources.

Speaking with a VietNamNet reporter, information security expert Vu Ngoc Son commented that scammers are often very quick to react to trending events and phenomena; they quickly devise scam scenarios that exploit these events and phenomena to maximize the chances of users falling into their trap. For example, in the past, when mobile network operators standardized subscriber information, or during the personal tax declaration period, many individuals impersonated network operators or tax officials to trick people into installing similar fake applications.

"To prevent this, users should call the bank's customer support center themselves using the officially published phone numbers, avoid installing unfamiliar applications, and not provide their OTP passwords," expert Vu Ngoc Son recommended.

Installing a fake online public service application resulted in the theft of 1.2 billion VND.

A resident of Trung Hoa ward, Cau Giay district ( Hanoi ) was recently swindled out of 1.2 billion VND by an imposter posing as a police officer. The scam involved instructing the victim to install a fake online public service application. The scammer sent the fake application via a link attached to a message, then contacted the victim, claiming their account verification was faulty and they needed to install the application for remote support. Once the victim followed the instructions, the scammer gained control of the device and subsequently stole money from the victim's bank account.

Notably, despite repeated warnings from authorities about the scam involving the installation of fake public service software, some citizens are still being defrauded of billions of dong. The Cybersecurity Department advises citizens not to access suspicious links. When receiving notifications related to the use of public service software, citizens should only download applications from official sources such as the AppStore and CH Play app stores. If any signs of fraud are detected, citizens should promptly report it to the authorities.

Scamming billions of dong through a disguised "easy job, high pay" scheme.

A woman living in Chơn Thành town ( Bình Phước province) was recently swindled out of over 2.3 billion VND by a scammer using a modified version of the "Easy Job, High Pay" fraud scheme. Specifically, the scammer befriended the victim via Telegram, then introduced her to a work-from-home job – "listening to designated songs, logging in, and voting for singers," with a promised reward of 35,000 VND per vote. After agreeing to participate, downloading a fake Zing MP3 application, and paying a deposit to complete the tasks as instructed by the scammers, the victim was defrauded of all the money she transferred.

Advising people to be wary of offers of "easy work, high pay," experts from the Information Security Department also cautioned citizens against transferring deposit money or paying participation fees without verifying the identity of the perpetrator. If they notice signs of fraud, citizens should save conversations and information about the perpetrator and then report it to the local police to promptly prevent the scam.

Impersonating the Anti-Fraud Center to swindle money.

According to the Information Security Agency, the Ontario Provincial Police (Canada) recently issued a warning about scams impersonating the Canada Fraud Prevention Centre (CAFC). Specifically, the scammers first impersonate bank employees, credit card providers, or e-commerce platforms to contact users, informing them that their accounts have been compromised and showing signs of suspicious transactions. Then, they send emails with the CAFC logo to increase credibility, requesting victims to provide personal data, banking information, and conduct transactions to steal money.

Furthermore, scammers tend to impersonate investigators working at CAFC, targeting victims and promising to help them recover their lost money. They will then request information from the victims to assist in the investigation, thereby appropriating their assets.

To prevent this, the Information Security Department recommends that people be vigilant when receiving messages or emails from any unit or organization; do not provide personal data; do not transfer money when requested; and verify messages and emails through official electronic portals and phone numbers.

Warning about scams via the WhatsApp app.

WhatsApp is a popular online chat application, widely used by people of all ages worldwide. Therefore, it is also an extremely convenient platform for fraudsters to commit fraud and steal property. Through this online chat platform, fraudsters are using many deceptive tactics such as impersonating relatives and friends; notifying people about participating in prize giveaways; tricking them into upgrading the application; requesting verification codes, etc.

To prevent scams via WhatsApp, the Information Security Department advises people to be vigilant when receiving messages from strangers; do not click on links attached in messages, do not provide personal information, and do not transfer money as requested by strangers. When receiving messages asking for loans, people should carefully verify the identity of the sender through the information on the profile of those accounts.