Banks present scam scenarios to lure borrowers to find floating apps

Sharing about this issue, VPBank representative emphasized that people need to be especially vigilant with calls, messages, emails impersonating police officers, the Procuracy, the State Bank, commercial banks (NHTM)... with threatening content to force or instruct customers to perform actions that could harm the devices they are using. These actions are essentially aimed at appropriating assets at the bank.

According to VPBank , common scam scenarios include: Notifying that the account/credit card is at risk and needs to install a link to check/process; notifying that the credit history has bad debt or has loans at credit institutions (CIs) that the customer does not know about, causing panic, asking the customer to provide personal information as well as install a recovery application.

“The subject also impersonated bank employees, through understanding the credit relationship situation of customers with banks, to request the settlement of outstanding credit card and loan balances even though they had not yet reached the payment deadline; or offered and solicited account opening services, quick loans, attractive interest rates, essentially luring them to unlicensed, floating 'hot' loan apps,” the VPBank representative emphasized.

In addition, some commercial banks also said that some subjects also impersonated investigators, asking for money transfers to police accounts to prove their innocence; impersonated state officials, bank employees, asking for biometric data updates, VNeID, tax declarations... to send links containing malicious code, tricking customers into accessing them.

Not only that, the subject also offered to sell documents allegedly related to the information incident at CIC, which contained malware or aimed at taking control of the device of the person downloading the document; using AI and Deepfake technology to cut and paste, creating fake images and videos with the user's face with increasing accuracy, making it difficult for relatives and viewers to distinguish between real and fake.

Regarding the above issue, a representative of 9Pay Joint Stock Company affirmed that customer data and 9Pay's system are currently not affected. 9Pay is increasing its warning and consulting activities for customers and partners against the risks of data leakage and common forms of fraud such as: Impersonating banks/CIC to steal OTP and passwords; fraudulent loans, CIC debt cancellation; illegal registration of financial services (e-wallets, quick loans); Spam/fraudulent advertising related to credit and debt.

"Internally, 9Pay has issued specific regulations and instructions, requiring all employees to strictly comply with security principles such as: Do not share login information of internal systems; do not provide OTP/passwords via phone, email or unofficial channels; change passwords periodically, enable 2-layer authentication (2FA) for important accounts; be wary of fake messages/calls related to CIC, banks, loans; do not access/download files or links suspected of containing data leaked from recent attacks," said Mr. Nguyen Thanh Trung, CTO 9Pay.

9Pay is committed to absolutely protecting customer information, strictly complying with information security regulations and international security standards. “We continue to closely coordinate with the authorities; at the same time, step up propaganda and guidance for customers and partners to raise their vigilance against increased fraud after the CIC incident,” said Mr. Nguyen Thanh Trung.

Representatives of some commercial banks emphasized that users should not interact with people claiming to be officials of agencies if their personal information has not been verified; do not access links or QR codes, or install applications sent from strangers without verifying the information; do not arbitrarily download, share, exploit, or use data related to other people's credit; in case of intentional violation, they will be handled according to the provisions of law.

In particular, users should not share images, videos and personal information widely (publicly) on social networks; should set security and privacy modes at the highest level.