Bank impersonation tricks, lose money in the blink of an eye

People warn each other about new scams impersonating banks

“Redeem accumulated points to receive gifts”

Criminals use fake broadcasting devices (IMSI catchers, also known as fake BTS stations) often disguised in cars, they move near BTS stations located at banks to spread messages impersonating some major banks... to steal information and money in user accounts.

This device emits a stronger signal than the real base station, causing phones in the area to automatically connect and receive fake “branded” messages. The message content is designed to be very convincing, with the bank’s display name, along with a strange link. When the user clicks on it, a fake bank interface appears, asking them to log in or enter an OTP code, from which the “hacker” takes full control of the account and steals money.

One of the popular tricks today is “exchanging accumulated points for gifts”. The message often has content like: “You have accumulated 10,000 points, please visit the link to redeem gifts for iPhone 15 Pro, Smart TV…”. Because the message displays the correct bank name and attractive content, many people are caught off guard and fall into the trap.

Mr. Hoang Quoc Huy, residing in Thuan Hoa ward, shared: I received a message from Vietcombank informing me to exchange points for an iPhone 15 Pro. Seeing the correct bank name, I trusted it. After entering the information as instructed, my account was deducted 7 million VND. I called the switchboard to find out that the bank did not have such a program. The bank's switchboard staff said that all programs to exchange points, receive gifts, and promotions are announced via the official application or the bank's website, and never send links via SMS. This is a trick of faking brand messages, taking advantage of customers' trust to appropriate property.

From “locking credit cards” to providing OTP codes

Not stopping at the trick of "exchanging points for gifts", the scammers also impersonate bank employees, calling to inform customers that their credit cards have not been activated or have not been locked, warning that "fees will arise and high interest rates will be charged" if not handled promptly. Because they already have accurate information about name, age, address, card limit... so when "threatening" and manipulating psychology, if not locked in time, they will accidentally become debtors, so users still think they are real bank employees, thereby losing their vigilance.

After making the victim panic, believing it is real and wanting to lock the card as soon as possible, they send a fake link with the reason of "confirming card lock" or "verifying information", in fact, installing malware, taking control of the phone, stealing OTP code to steal money in the account.

Ms. Hoang My Huong, My Thuong ward, received a call claiming to be from the " VietinBank Support Center" staff, threatening that if Ms. Huong did not use her credit card and did not complete the card locking procedure, the annual fee would be up to millions of dong. "Although I received a credit card when I participated in the loan, I did not use it so I did not activate it. When I heard the fake staff read out the completely identical information, I was not on guard. Worried that there would be fees, I was also eager to lock the card. So I followed the instructions, clicked on the link to "lock the card", and just a few minutes later, the entire amount of more than 2 million dong in my payment account was withdrawn," Ms. Huong said.

Authorities warn that this is a pre-planned scam, preying on people's fear of losing money, especially information about "huge" interest if they have some debt on their credit cards, even if it is a small debt. Once the victim provides the OTP code or logs into the fake site, the bad guys immediately withdraw money or transfer virtual money to e-wallets.

Although the authorities have actively increased propaganda and instructed people to identify bank impersonation tricks; banks have warned that they will never ask customers to provide OTP codes or access links outside the official application, not everyone has time to update new fraud tricks.

Victims need to share widely when they know of new scam tricks to be vigilant together. Each citizen absolutely should not click on any link in a strange message, even if the message displays the name of the bank. Do not share OTP codes, login information, card numbers or passwords with anyone, including people claiming to be bank employees. Check the website address carefully: official websites of banks always have the suffix .vn or .com.vn, displaying a security lock icon. When suspecting fraud, immediately call the bank's switchboard, temporarily lock the card or account, and report to the police. People should also not install strange applications, games or utilities of unknown origin, because they may contain malicious code that allows bad guys to access the phone, read messages, including OTP codes.

Along with the efforts of authorities and banks, people's vigilance is the first and most effective "shield" to prevent high-tech crimes.