After updating their new permanent residence information on the VNeID app, many users excitedly showed off their electronic chip-embedded citizen identification cards on social media. However, according to warnings from authorities and experts, this seemingly harmless action poses great risks to data security and cybersecurity.
From Pride to Information Leakage Trap
Recently, on social networking platforms such as Facebook and TikTok, it is not difficult to see a series of users sharing screenshots of their electronic CCCD on VNeID after updating information about their new residence.
Many people have shared screenshots of the “uncovered” VNeID interface on social networks. This means that all personal data such as place of birth, hometown, permanent residence, temporary residence, current residence, identifying features, ID issuance date, etc. are completely exposed. From that information, bad guys can easily take advantage of it to commit illegal acts.
Mr. D.VA ( Hanoi ) said: "I saw many people showing off their new address on their ID cards, so I also took a photo of my ID card and posted it on Facebook. Unexpectedly, my friends commented and told me to delete it immediately because my information could be leaked."
Excitedly sharing citizen ID photos on VNeID after the merger of territories can turn you into a tasty target for scammers. (Photo: Lao Dong Newspaper)
According to Tien Giang Provincial Police, there are currently many online loan applications that only require taking a photo of both sides of the CCCD (or ID card) to be able to quickly resolve the loan contract and disburse the loan. Therefore, other subjects often find ways to get other people's personal information, then take photos and send them to these applications to borrow money for the purpose of appropriation.
These online loan apps have the advantage of simple procedures and quick disbursement, but the biggest disadvantage is that they skip the verification step, or if they do verify, the verification process is very sketchy, thereby creating loopholes and gaps for other subjects to have the opportunity to appropriate money through the loan contract.
There have also been many people who have been taken advantage of using two-sided CCCD (or ID card) images to register for postpaid subscriptions with network operators, then make international calls, or make domestic calls indiscriminately.
Currently, there are many virtual companies operating without employees, often buying other people's ID cards/CCCDs to register virtual tax codes for company employees to bypass the authorities. There are also many companies that choose to post unlimited recruitment notices with high salaries to attract others to apply for jobs, but in the end, they all announce that they are not successful, then use the applicant's ID card/CCCD photo to register virtual tax codes...
This trend also causes some people to be scammed in a more sophisticated way: subjects impersonating the police or population management agencies call to notify that "permanent address needs to be verified", from there asking users to provide information or install fake spyware "VNeID support application".
Once the user clicks on the sent link, the phone can be infected with malware, stealing data and login information to bank accounts, social networks or emails.
What do the experts say?
According to Mr. Vu Ngoc Son - Head of Technology Research Department, National Cyber Security Association, the fact that users are excited to share citizen identification card images on social networks after being updated about their new permanent residence according to the new administrative boundaries can potentially pose a risk of personal information leakage.
With the development of image recognition technology using artificial intelligence (AI), systems can automatically analyze photos and collect information from images, thereby obtaining information about the user's address, even the user's ID number if not covered. This data can be used to build personal profiles, serve forgery, fraud, property appropriation, or impersonation to make fake documents.
Mr. Vu Ngoc Son also recommends absolutely not posting photos of ID cards, driver's licenses, bank cards, etc. online. Cover up information such as ID numbers, addresses, and QR codes. At the same time, you should carefully check your privacy when posting and always be vigilant for unusual contacts after information is leaked.
People should be careful when sharing information about their new hometown and ID card on social networks.
Ho Chi Minh City District 12 Police have made a number of recommendations to the public, such as: Do not post or share CCCD images on social networks. Do not provide CCCD information to non-essential services or services that do not have a commitment to ensure the safety of personal information. Do not lend CCCD to others without a legitimate purpose.
When losing a CCCD, citizens need to report it to the authorities to report the loss and reissue the documents. At the same time, to prevent the case of the CCCD being exploited to carry out illegal civil transactions, there is a basis to prove that they are not related to those civil transactions.
In case of being tricked into using ID card/CCCD information to borrow money, people need to quickly notify the lending unit and contact the authorities for the fastest support. In case of being taken advantage of by other subjects to use ID card or CCCD card number to register for opening a bank account or registering for a postpaid subscription, people also need to quickly contact the bank or network operator for support...
Speaking to reporters of the Knowledge and Life Newspaper , lawyer Nguyen Ngoc Hung - Head of the Ket Noi Law Office (Hanoi Bar Association) said that in the context of increasingly strong digital transformation, the use of electronic applications to store and manage personal information has become popular. In particular, VneID, the official application deployed by the Government, is an important electronic identity authentication platform, integrating many utilities to serve citizens. However, recently on social networks, there has been a trend of sharing screenshots from VNeID, especially the part displaying new address information, as a way to show that one is a "citizen of the new administrative unit". This seemingly harmless behavior poses great risks to personal information security and significant legal consequences if exploited by bad guys.
According to the provisions of the Law on Cyber Security, Decree 13/2023/ND-CP on personal data protection, the Citizen Identification Card (CCCD) is a document containing sensitive personal identification information: full name, identification number, date of birth, portrait, QR code, permanent address... People have the right to share their personal data, but must be responsible for such disclosure, especially in a network environment with many potential risks. People publicly posting photos of their Citizen Identification Card on the VNeID application on social networks may violate regulations on personal information protection, depending on the content and method of sharing. When the CCCD image is posted publicly, users may inadvertently create conditions for bad guys to exploit, impersonate identities, register for online loans, open bank accounts or commit fraud and property appropriation. In fact, there have been many scams originating from seemingly "harmless" information leaked on Facebook, Zalo or other social networking platforms.
Lawyer Nguyen Ngoc Hung - Head of Ket Noi Law Office (Hanoi Bar Association).
When a user is exploited by a bad guy to impersonate, steal an account or appropriate another person's property, the user is the victim, not an accomplice or accomplice. Therefore, if there is no sign of intention or serious fault on the part of the user's account owner, this person will not be prosecuted for criminal or civil liability for the fraud committed by the bad guy. On the other hand, even if sharing one's own personal data, if the posting is careless, does not obscure sensitive information, leading to consequences for oneself or others, it can be considered as non-compliance with the obligation to protect personal data as prescribed in Decree 13/2023/ND-CP. Users may be held indirectly liable under the principle of non-contractual damages as stipulated in the 2015 Civil Code. Platform providers will not be directly liable for content posted by users if they have a warning mechanism and censorship tools in place. However, if the platform fails to promptly remove infringing content upon warning or tolerates the unauthorized dissemination of personal data, it may be subject to administrative sanctions as stipulated in Decree 15/2020/ND-CP, as amended by Decree 14/2022/ND-CP.
In the context of increasingly sophisticated high-tech crimes, people should absolutely not post photos of their ID cards, QR codes, or electronic data from VNeID on social networks, even if it is just for the purpose of sharing personal information or following trends. If forced to send ID cards online to complete administrative procedures or online applications, users should obscure unnecessary identification information; use email or security applications instead of posting publicly; monitor bank accounts, credit cards, and e-wallets to detect unusual transactions early. As soon as they notice that their accounts have been hijacked, users need to take some actions to prevent damage to themselves and others as well as to protect their legal position. Users need to report that their accounts have been compromised. This will help social networking sites temporarily lock the accounts to prevent further use by criminals. At the same time, record videos of unusual signs such as fake emails, strange login notifications, fraudulent messages sent from your account... by recording videos, taking screenshots. These evidences are very important if there is a dispute or need to report a crime. Use another account or ask an acquaintance to widely announce that the account has been hacked, and advise everyone not to transfer money, not to provide OTP codes or personal information if receiving suspicious messages. Contact and report the incident to the local police for reception, investigation and handling according to the law. After regaining access, users should change to a strong password, check and log out of all strange devices to ensure account security. In case the account is used for fraud or spreading illegal content, it is necessary to coordinate with the authorities to handle violations, avoiding causing damage to others.
Faced with fraud related to VNeID, the Ministry of Public Security has issued a recommendation: People should only install the VNeID application from official sources on the App Store (for iOS operating system) and CH Play (for Android operating system).
VNeID app on App Store: https://apps.apple.com/vn/app/vneid/id1582750372?l=vi
VNeID application on CH Play: https://play.google.com/store/apps/details?id=com.vnid&hl=vi&pli=1
Source: https://khoahocdoisong.vn/dung-khoe-anh-cccd-tren-vneid-keo-mat-tien-nhu-choi-post1552032.html
![[OCOP REVIEW] Bay Quyen sticky rice cake: A hometown specialty that has reached new heights thanks to its brand reputation](https://vphoto.vietnam.vn/thumb/402x226/vietnam/resource/IMAGE/2025/7/3/1a7e35c028bf46199ee1ec6b3ba0069e)
Comment (0)