Why are old scams still effective? - Part 2: Technology pushes old scams to new levels of sophistication

Modern technology turns “old script” into new danger

According to a report by the Cyber ​​Security and High-Tech Crime Prevention Department (A05 - Ministry of Public Security ), in the first eight months of 2025, Vietnam recorded more than 1,500 online fraud cases, causing losses of approximately 1,660 billion VND.

During the same period, the authorities discovered 4,532 malicious domains, an increase of nearly 90% over the same period. The majority of them served sophisticated tricks such as impersonating banks, impersonating police agencies, appropriating OTP codes or using deepfakes to lure victims. These figures show that online fraud has not only increased in number but also changed significantly in methods, as cybercriminals have turned to high-tech applications to amplify the effectiveness of their attacks.

According to cybersecurity experts, deepfakes, fake videos , and voice impersonations are becoming the primary weapons of many scam groups. Previously, users could rely on spelling errors, sloppy interfaces, or unnatural-sounding dialogue to suspect fraud. However, with current impersonation technology, these anomalies have almost disappeared. Video calls impersonating relatives to borrow money urgently, investment offers from fake accounts impersonating celebrities, or warnings to "verify your account immediately to avoid service suspension" are all executed smoothly, playing on users' panic.

Notably, the danger lies not only in authenticity but also in the speed and scale of automation. The discovery of more than 4,500 malicious domains in a few months shows that cybercriminals are capable of creating a series of fake websites, constantly changing domain names to avoid control. This turns phishing campaigns from discrete activities into large-scale networks, operating in an "industrialized" way, targeting thousands of people at the same time.

According to the National Cyber ​​Security Association (NCA), many current fraud campaigns are deployed as a chain: from collecting data, creating scenarios, producing deepfake videos to spreading through messages, emails or social networks. In that context, the rapidly developing online transaction environment gives criminals more "room to perform". In fact, e-commerce and digital payments will grow strongly in 2025, with millions of transactions made every day.

Mr. Vu Duy Hien, Deputy Secretary General and Chief of Office of NCA, said that the end of the year - the peak shopping season - is also the time when fraudsters are most active. Tricks such as impersonating big brands, pretending to be e-commerce platform employees, offering "shocking sale - virtual cashback" promotions, deceiving payments via e-wallets or using deepfake videos to create trust have been recorded to appear frequently.

In the context of users becoming increasingly familiar with online transactions, a well-designed interface, an urgent notification, or an attractive offer are all it takes for familiar scams like account verification requests, top-up voucher offers, or quick cashback to continue to be effective. Modern technology doesn't create new scams, but it makes old scenarios more convincing than ever.

The underground economy behind the scams

Behind seemingly isolated fake links, malicious files, or deepfake clips, experts believe there is a large underground economy operating like a real industry. This is the main reason why familiar scam scenarios continue to be profitable and constantly reappear under new guises.

One of the pieces that clearly shows this is the underground labor market on the dark web, which was just announced by Kaspersky at the end of November 2025. The report shows that the number of job applications and vacancies on underground forums doubled in the first quarter of 2024 compared to the same period in 2023 and continued to maintain a high level in 2025. Notably, the average age of applicants is only 24, reflecting the trend of young people being drawn into the illegal job market due to economic pressure and the attraction of quick income.

According to the report, 55% of applications came from people willing to do “anything for the money”, from programming, writing malware, creating phishing pages to running fraudulent campaigns. The most popular positions were directly related to the phishing attack chain: Attack tool developer (17%), penetration tester (12%), money launderer (11%) and payment data theft and trading team (6%).

Based on this clear career structure, cybersecurity experts assert that phishing campaigns are no longer fragmented but operate according to a business model with specific roles, targets, and salaries.

Income in the underground market also reflects the strong attraction of fraud activities. Reverse engineers can receive 5,000 USD/month, penetration testers about 4,000 USD, programmers 2,000 USD. Those who participate in money laundering or lure victims to malicious websites receive 20-50% of the total amount of money stolen. With such high profits, it is understandable that criminals continue to reuse old scenarios but "enhanced" with technology: Low cost, low risk but high profit.

Mr. Vu Duy Hien said that in many cases, criminals only need leaked data such as emails, phone numbers, and customer lists to be able to deploy a series of messages, calls, and fraudulent links. This data source is openly bought and sold on the dark web, creating conditions for foreign criminal groups to approach Vietnamese users without the need for complex technical attacks.

Kaspersky expert Alexandra Fedosimova warned that the dark web job market “is luring young people with the promise of high incomes and quick hiring, but most are unaware of the legal risks and long-term consequences.” Worryingly, the explosion of a young workforce on the dark web will lead to an explosion of large-scale fraud campaigns, because “the more people there are, the more capable criminal groups are of mass-producing fraudulent content.”

This shows that criminals do not reuse old scripts because of lack of creativity, but because the dark web ecosystem provides enough human resources, tools, and data, helping familiar tricks operate more effectively than ever. As the underground labor force becomes younger and more professional, scam campaigns continue to expand in scale, making users easy targets despite repeated warnings.

Last article: Be alert to scams