On the morning of November 28, a user shared a story about being permanently locked out of a Samsung account that was signed in on two of the Korean manufacturer's phone models, after visiting a website that was said to be fake. The Facebook account owner, named D.T., said that while browsing the social network he saw a post inviting him to take part in testing the OneUI 7 Beta interface (the user interface on Samsung smart devices). Attached to the post was a link to a website whose design resembled the company's own site, announcing an invitation to test OneUI 7 Beta.
To join the program, users had to follow a link on that page, which then redirected them to the Samsung Member application already installed on the device to complete the account authentication process. "Curious, I tried logging in, thinking that there would be no problem if I did not provide personal information. However, just six days later, both of my Samsung phones were locked," Mr. D.T. posted.
Two phones locked from Samsung accounts after users clicked to confirm login to strange website
When he brought the device to the service center, he was told that it could not be unlocked and was advised to create a new Samsung account for his other devices. The incident left Mr. D.T. disappointed with the security of the Samsung account system and with the way the service center handled the case. He said he had provided all the information requested, but the device was still not unlocked.
Samsung account security controversy
In the video provided by Mr. D.T., no personal information (account name or password) is entered at any point. This raises concerns that Samsung accounts can be compromised even when users do not hand over their credentials directly. Many members of the technology community have debated the security of the Samsung account system.
Some comments expressed doubts about how the company manages login information on its system. A Facebook account named Vu Duy Long commented: "I agree with the post owner. How can it be that with just the word 'Login', without providing anything, it still happens? If I click on a strange link, not from the company, how can the account automatically sync there... absurd."
However, another group believes the fault lies with the user. In their view, Mr. D.T.'s clicking the link even though he recognized the website as fake was the wrong action. Duy Luan, a well-known reviewer in the technology community, commented: "Because it looks so real, you trust and allow it. I think this is a lesson learned and a warning, because this scam is definitely sophisticated."
Fraudsters run fake OneUI 7 Beta testing program ads to collect Samsung account information
According to a technology expert, once a user has registered a device as a "Trusted Device", which is usually the main personal device and the one used most often, any consent action taken from that device is treated as valid by the system. If the website requesting that consent is fake, the account ends up being used by the fraudster.
In Mr. D.T.'s case, although he did not directly enter personal information, tapping "Login" on the fake link gave the attacker the opportunity to exploit this vulnerability. Specifically, the fake website contained a link that opened the application and requested access to retrieve the account's authentication data. After the link was tapped, the system automatically handed the user over to the Samsung Member application, the software that holds the Samsung account login information.
Because the device is a "Trusted Device", the account is already saved, so the user does not need to enter any details manually. They only need to tap "Login" and then "Agree" or "Disagree", and the system then uses the pre-saved Samsung account information and sends it to the website from which the link was opened. "The user has authorized the application to use the login data, so the process runs automatically without any further information having to be entered. They themselves have logged into that website without directly entering the account name or password," the expert explained.
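The consent flow the expert describes, modelled as an added example that is not Samsung's code and is not from the article: a website hands off to an installed app that already holds the account session on a trusted device, and the app is asked to deliver a login token back to a return address carried in the link. The vulnerable variant delivers the token to whatever address the link names once the user taps "Agree"; the hardened variant refuses, before any consent prompt is shown, unless the return address is on an allowlist of the vendor's own HTTPS origins, and names that origin in the prompt. The app-link format, the query parameter `return_to`, the allowlisted origin and the fake-site address are all constructed for this illustration.

```python
"""Toy model of an app-link login/consent flow on a trusted device.

Hypothetical illustration (not Samsung's implementation): shows why the app
that holds the saved session must validate where a login token is being sent
before it asks the user to agree.
"""
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Constructed: session the app already holds because the device is "trusted".
TRUSTED_DEVICE_SESSION = {"account": "user@example.com", "token": "saved-session-token"}

# Constructed placeholder: the only origins the hardened flow may return a token to.
ALLOWED_RETURN_ORIGINS = {"https://members.example-vendor.com"}


@dataclass
class Outcome:
    token_delivered_to: Optional[str]  # where the saved session token went, if anywhere
    prompt_shown: Optional[str]        # text of the consent prompt the user saw, if any
    reason: str


def _return_target(link: str) -> str:
    """Extract the return_to parameter from an app link such as app://login?return_to=..."""
    query = parse_qs(urlsplit(link).query)
    return query.get("return_to", [""])[0]


def handle_app_link_naive(link: str, user_agrees: bool) -> Outcome:
    """Vulnerable model: the prompt never says where the token goes, and any
    return address is accepted once the user taps Agree."""
    return_to = _return_target(link)
    prompt = "Log in with your saved account? [Agree] [Disagree]"
    if not user_agrees:
        return Outcome(None, prompt, "user declined")
    # The saved session is handed to whichever site put the link on the page.
    return Outcome(return_to, prompt, "token sent using saved trusted-device session")


def handle_app_link_hardened(link: str, user_agrees: bool) -> Outcome:
    """Hardened model: validate the return origin first, then show a prompt that
    names it, and only deliver the token to an allowlisted HTTPS origin."""
    return_to = _return_target(link)
    parts = urlsplit(return_to)
    origin = f"{parts.scheme}://{parts.netloc}" if parts.netloc else ""
    if parts.scheme != "https" or origin not in ALLOWED_RETURN_ORIGINS:
        # Refuse before consent is even requested; this is also the event to log/alert on.
        return Outcome(None, None,
                       f"return target {origin or '<empty>'} not on allowlist; request refused")
    prompt = f"Allow {origin} to sign you in as {TRUSTED_DEVICE_SESSION['account']}? [Agree] [Disagree]"
    if not user_agrees:
        return Outcome(None, prompt, "user declined")
    return Outcome(return_to, prompt, "token sent to allowlisted origin")


if __name__ == "__main__":
    fake = "app://login?return_to=https://fake-oneui7-beta.example/collect"  # constructed
    genuine = "app://login?return_to=https://members.example-vendor.com/cb"  # constructed
    for name, handler in (("naive", handle_app_link_naive), ("hardened", handle_app_link_hardened)):
        for link in (fake, genuine):
            print(name, "->", handler(link, user_agrees=True))
```

The point of the model is the ordering: in the hardened flow the decision about where the token may go is taken by the app from its allowlist, not by the user from a prompt that gives them no way to tell a look-alike site from the real one.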
The incident is a testament to the complexity and sophistication of today’s cyber scams. According to the Norton Cyber Safety Pulse report for September 2023, scams, phishing, and other forms of human manipulation account for more than 75% of all digital threats. This shows that cybercriminals are increasingly focusing on exploiting users’ lack of vigilance to commit fraud.
Source: https://thanhnien.vn/mat-tai-khoan-samsung-vi-dang-nhap-chuong-trinh-oneui-7-beta-gia-mao-185241128144401676.htm