Never clicked on any strange link, never provided OTP verification code to anyone... but still lost money. What is the reason?
Sophisticated script, "hit" at midnight
"I lost more than ten million in just one night. Until now, I am still shocked and cannot believe that it is true," said Mr. HT (35 years old, living in Ho Chi Minh City) recounting the spectacular scam by the scammer. Being a cautious person, Mr. T. affirmed that he had never clicked on a strange link, did not provide the OTP authentication code to anyone, and did not participate in video calls that required him to reveal his face.
Yet in just a few hours in the middle of the night, the money he had saved for a long time in his bank account suddenly "evaporated".
Accordingly, at around 11pm, while Mr. T. was sleeping, the criminals started to act. They transferred money from his bank account to an e-wallet, and linked the wallet to an account on an e-commerce platform.
Then, a series of shopping transactions were made that night, but the purpose was not to buy real goods but to drain the account by "circulating money" through virtual orders, leading to the scammers.
After reviewing all the causes, Mr. T. said that the bad guys had discovered his e-wallet password because he had set up a password that was easy to remember, and especially did not enable 2-factor authentication.
"This amount of money is huge for me. I share it to hope that more people will be more careful," said Mr. T. At the same time, he learned from experience that in the entire chain including bank account - e-wallet link - link to account on e-commerce platform, it is necessary to set up as many security layers as possible to limit risks.
In another case, Mr. THVinh (25 years old) said that his account was robbed of nearly 9 million VND, also at night. When he calmed down, he remembered that a few days ago he had installed an application called Clean..., which was introduced as a junk cleaning software, helping the phone to have less capacity and run smoother.
Finding it attractive and free, he downloaded it from a strange website. After installing, the phone showed signs of slowing down, overheating quickly and draining the battery quickly, but because he was traveling, he thought it was an objective error. As a result, Vinh's phone was infected with malware, from which the bad guys took control remotely and stole money from the victim's account.
"It's best to never install unclear applications, especially from online advertisements," Vinh warned.
Ms. Nguyen Duong Thuy Linh (35 years old, Ho Chi Minh City) used to regularly shop on international websites and used a credit card to pay online. Recently, she discovered that her account had been deducted more than 15 million VND.
"I was shocked and immediately alerted the bank," she said. After checking, she discovered that while filling out information on a strange website, she had accidentally saved card information such as card number, CVV security code and expiration date.
"This is a big lesson. When paying online, you should never let your browser or application remember your card information. It's better to re-enter it next time than to lose money," said Thuy Linh.
Choose a reputable service
To ensure safety and minimize risks when connecting bank accounts to e-wallets or direct payment services, experts in the field recommend that users should only connect bank accounts to reputable e-wallets, licensed by the State Bank, and have achieved many international certificates on information security management.
To enhance security, HDBank representatives recommend that users always enable two-layer authentication for both bank accounts and e-wallets.
HDBank experts note a few more measures: make sure your phone and applications are always updated to the latest version; do not enable the password memory feature on strange devices; avoid using public WiFi or strange devices to log in to your e-wallet.
In addition, you should carefully read the privacy policy and terms of use before granting access or linking an e-wallet to a bank account.
Experts recommend that customers can use a sub-card or sub-account (such as a debit card or a separate account just to link an e-wallet), with a balance just enough to spend to reduce risks if there is a problem. In addition, users should periodically check the e-wallet links or services that are connected to the bank account. If you no longer need to use it, proactively disconnect it.
To deal with increasingly sophisticated fraud, banks are stepping up security upgrades. Typically, Sacombank uses 3D-Secure 2.0 authentication technology combining risk analysis (RBA) and biometrics via the mSign application, allowing transaction authentication without SMS OTP codes, reducing the risk of code theft.
Meanwhile, Vietcombank has invested heavily to upgrade its Digibank digital banking system, with many changes to enhance security. The facial authentication feature (Facepay) will automatically lock after many consecutive incorrect entries, preventing unauthorized access. In addition, the bank has also completely removed links in emails sent to customers to prevent fraud.
Regarding the e-wallet, speaking with Tuoi Tre , a MoMo representative said that users need to log in with a password or biometrics (fingerprint, facial recognition) to access their wallet account. In case the device is lost or falls into the hands of someone else, transactions on the MoMo wallet cannot be performed without passing the required authentication layer with a password or biometrics.
According to MoMo, users should choose e-wallets or payment intermediary services equipped with advanced technology, meeting international security standards. For example, applications that comply with electronic identification regulations (eKYC) help prevent the creation of fake accounts and enhance system security from the root.
Currently, some e-wallets in Vietnam can meet more than 300 strict criteria on encryption, access control, network security and real-time transaction monitoring to achieve PCI DSS version 4.0 security certification - the highest global standard for payment data processing organizations.
Biometric authentication is considered the safest measure to protect trading accounts - Photo: QUANG DINH
Total damage in 2024 is estimated at about 18,900 billion VND
According to the National Cyber Security Association, by 2024, on average, 1 in 220 smartphone users in Vietnam will be a victim of online fraud, leading to an estimated total loss of about VND 18,900 billion. The tricks do not stop at attractive investment invitations, but are also more sophisticated when many people have their personal data leaked, and scammers quietly withdraw money from their accounts.
Risks of linking e-wallets to bank accounts
Ms. Thu (HCMC) said that she recently discovered many withdrawal transactions taking place in the middle of the night, when she was sleeping soundly. After checking and thinking carefully before going to the bank, she realized: bad guys took advantage of the feature of linking e-wallets to bank accounts.
When linking, the system sends an OTP authentication code to the owner's phone number. Previously, a customer came to her grocery store to buy goods, pretended to borrow the phone and called an acquaintance, but the real purpose was to wait for the OTP message to be sent and steal that code.
After having the OTP code, the scammer can easily link the wallet to the bank account and make transactions to steal money, even without knowing the password or logging into the account. "Avoid lending your phone to strangers, especially when you have just received a message from the bank," Ms. Thu emphasized.
VIRTUE - PLUM BLOSSOM
Source: https://tuoitre.vn/nhung-giao-dich-ma-tren-tai-khoan-khi-chung-ta-dang-ngu-20250623075257765.htm
![[Photo] Prime Minister Pham Minh Chinh holds meeting to launch exhibition of national achievements to celebrate 80th National Day](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/6/23/0c0c37481bc64a9ab31b887dcff81e40)
![[Photo] Party Congress of the Central Internal Affairs Commission for the 2025-2030 term](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/6/23/5bf03821e6dd461d9ba2fd0c9a08037b)
![[Photo] Conference to disseminate the implementation of the Plan to promote digital transformation to meet the requirements of restructuring the political system's apparatus](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/6/23/4744403cccd144b79086799e2ceb686e)
Comment (0)