AI scams during the year-end shopping season.

Mr. Vu Duy Hien, Deputy Secretary General and Chief of Office of the National Cybersecurity Association, speaks at the event (Photo: NCA).

At the seminar "Identifying Scams - Shopping with Confidence" organized by the National Cyber ​​Security Association (NCA) in collaboration with TikTok, cybersecurity experts and regulatory agencies issued red flags and outlined a "three-layered shield" defense strategy against the wave of high-tech crime.

"The Scam" from a single click

Speaking at the event, Mr. Vu Duy Hien, Deputy Secretary General and Chief of Office of the National Cybersecurity Association, said that we are entering the most sensitive time of the year.

With millions of transactions taking place every day, cybercriminals are at their most active, employing ever-changing tactics: from impersonating brands and e-commerce platform employees, to "shocking sale" scams, and using Deepfake technology to manipulate people's psychology.

"These scams often start with very small actions: a click, a QR code, a seemingly familiar video call. And in just a few seconds of inattention, people can pay the price with their personal data, social media accounts, or even their entire finances ," Mr. Hien emphasized.

Sharing the same view, Mr. Vu Ngoc Son - Head of the Research, Consulting, Technology Development and International Cooperation Department (NCA) - pointed out a paradox of the digital age: "Never before has shopping and payment been so convenient, but never before has people's assets been so easily stolen after just one moment of carelessness."

According to Mr. Son, criminals today are not limited to creating fake websites. They are making full use of artificial intelligence (AI) and Deepfake technology to impersonate the faces and voices of loved ones in order to manipulate emotions, exploit trust, or take advantage of victims' fears.

He warned about a scenario where, after placing an order, users receive a call from a (fake) delivery driver or a (fake) police officer informing them that the goods are problematic or contain prohibited substances. Because order data has been leaked, the scammers can read the information accurately, causing the victims to believe them completely and fall into the trap.

KOLs and KOCs must disclose their eligibility for sponsorship.

At the seminar, Dr. Phan The Thang - Deputy Head of the Consumer Protection Department, National Competition Commission ( Ministry of Industry and Trade ) - provided new perspectives on the legal framework, especially the Law on Protection of Consumer Rights 2023 (effective from July 1, 2024).

Mr. Thang particularly emphasized the role and responsibilities of "influencers" (KOLs, KOCs) in cyberspace.

One crucial new rule that content creators need to be aware of: When advertising or providing information about a product, they must clearly inform consumers if they are sponsored.

Dr. Phan The Thang - Deputy Head of the Consumer Protection Department, National Competition Commission, shared information about the legal framework for protecting consumers (Photo: NCA).

"Even if the sponsorship is in kind or other forms of support, it is still considered sponsorship. However, if a livestream advertisement is broadcast without clearly stating that it is sponsored, or if it provides incomplete or misleading information about the product's uses, causing confusion for consumers, then that is a prohibited act," Mr. Thang affirmed.

He also cited cases of celebrities who have been penalized recently for exaggerating the benefits of dietary supplements in advertisements.

Furthermore, Mr. Thang also clarified the difference between "personal data" and "consumer information." Consumer information is broader, encompassing information related to transactions, behavior, preferences, etc.

The law strictly stipulates that organizations and individuals engaged in business (including individuals selling online without business registration) are responsible for protecting this information and are not allowed to collect it without the explicit consent of the user.

"3 No's - 3 Quick's"

In response to the relentless onslaught of cybercriminals, Mr. Vu Ngoc Son proposed a solution to protect users based on the "Three-Layer Shield" model: Legal - Technology - Skills.

In that context, he emphasized that skills are the most important safeguard, because safety doesn't come from luck, but from knowledge.

To help people easily remember and practice these methods, expert Vu Ngoc Son has come up with a "mantra" for preventing fraud called: 3 Don'ts - 3 Quick Actions.

Don't trust completely: Even seeing a loved one's face or hearing their voice during a video call can be hard to believe immediately because it could be a Deepfake. Verification is necessary.

Do not install apps from unfamiliar links: Installing unfamiliar apps is like "opening the door" and giving hackers complete control of your phone.

Do not transfer money without verification: No matter how sophisticated the scam, the ultimate goal is always to request a money transfer. This is the last line of defense that must be maintained.

At the same time, users also need:

Quick verification: When receiving suspicious information (winning a prize, account being locked, a relative in trouble, etc.), immediately check through official channels or use another phone to verify.

Mr. Vu Ngoc Son - Head of the Research, Consulting, Technology Development and International Cooperation Department - National Cybersecurity Association, offers advice to consumers to shop online with peace of mind (Photo: NCA).

Disconnect immediately: If you are being threatened or psychologically manipulated over the phone, disconnect decisively. "The police do not conduct business via Zalo, nor do they request money transfers to prove innocence," Mr. Son emphasized.

Report immediately: Report any instances of fraud to the authorities or your bank right away. Absolutely do not attempt to find "scam money recovery" services online, as this is another trap.

During the roundtable discussion, representatives from payment platforms and providers also shared their technological efforts to address security vulnerabilities.

Mr. Pham Le Minh, Head of Information Security at MoMo, revealed three common scam methods that the e-wallet has recorded: tricking users into installing malware to gain control of their devices; manipulating users' psychology to make them voluntarily transfer money; and tricking them into linking their wallet to a fraudster's account.

To counter this, MoMo applies real-time technical solutions. "Before processing a payment, if we detect malware or unusual activity, we will immediately issue a warning, and even block the 'cash-out' function of the suspicious account to prevent asset dissipation," Mr. Minh shared.

He also advised users that if they accidentally install malware, the safest measure is to restore their phone to its factory settings.

Regarding TikTok Shop, a platform representative stated that they removed 420,000 videos containing fraudulent content in 2024, with 97% of these being automatically detected by the platform's AI. TikTok also implemented a random checkout process to monitor the quality and honesty of sellers.

Content creator Ngoc Bamboo shared the current situation: "Nowadays, fraudsters not only counterfeit products but also impersonate people. They create fake Fanpages impersonating KOLs, run ads, and even buy more followers than the real ones to deceive buyers."

She believes that it is the responsibility of KOLs to speak out and warn others immediately upon discovering impersonation, and to guide their followers on how to distinguish between genuine and fake accounts.

At the event, experts agreed that only when the legal framework is strong enough, the technology is smart enough, and each citizen equips themselves with a "digital vaccine" of skills, can we truly "shop with peace of mind" online.

Source: https://dantri.com.vn/cong-nghe/nhung-bay-lua-dao-ai-mua-mua-sam-cuoi-nam-20251128054432613.htm