By Luu Quy April 5, 2023 | 08:51 am GMT+7 e.vnexpress.vn
A fake website that masquerades as the Vietcombank banking app. Photo by VnExpress/Luu Quy
Vietnamese citizens have been reporting fake text messages with user interfaces nearly identical to official apps and websites that ask recipients to provide bank information.
Bui Huyen from Hanoi said she nearly lost around VND280 million ($11,930) after receiving a scam text message from a number identified as “Vietcombank.”
The message came on Saturday last week, telling her that her VCB Digibank banking app had been logged into on an unknown device. The message provided a link to log into her account.
Huyen immediately clicked the link to secure her account. Because the text appeared in an official SMS thread from Vietcombank, she harbored no suspicions.
“The interface for logging in was identical to the app I often use, so I entered my account name and password as requested,” Huyen said.
Just as she was about to “log in”, she realized that the interface was supposed to belong to an app, not a website. So she took a second look at the domain name and saw the “.top” part in the URL, which was not supposed to be there.
“Then I suspected I was being tricked, so I turned on my app, transferred all my money to another account and called the hotline. I realized I was being scammed, but could have lost all my money if I had entered my information and the OTP code,” she said.
Ngo Minh Hieu, founder of the Anti-Phishing project, said phone users in Vietnam have been receiving similar messages recently. This scam involving the use of copycat logos and interfaces from financial institutions has been around in Vietnam since 2021 and is making a comeback.
“Bad actors know how afraid people are of losing money, making them more susceptible to tricks asking them to follow instructions. If one accesses a fake website and enters their information, they will lose their account info, password, money and other kinds of data, like phone numbers, locations and IP addresses,” Hieu said.
Scams of this type may include website domains like “bankname.vn-a.top”, where criminals can insert the names of different banks into the URL. It is then easy for people to think it’s a legitimate website and many are likely to fall for the ploy, Hieu said.
Fake SMS messages are usually disseminated through fake base transceiver stations (BTS) for delivery to people’s phones. Criminals use the same bank brand names as the sender, so the phone groups the fake messages in the same thread as legitimate ones, making it more likely that people will believe them.
“If you receive this message, it means that the scammer is in close proximity with you,” Hieu said.
On Monday, several banks, including Vietcombank and MSB, warned users about the scam. Banks and security experts recommend that people access only official websites and banking apps and not click on any suspicious links.
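The “bankname.vn-a.top” pattern described above works because the bank's name sits in a subdomain while the domain that was actually registered is “vn-a.top”. The following check is an added example, not part of the original article: it pulls links out of an SMS body and compares the registrable domain with an allowlist. The brand “bankname”, the official domains and the sample message are placeholders constructed for illustration, and the short suffix list stands in for the full Public Suffix List.

```python
import re
from urllib.parse import urlsplit

# Assumptions: "bankname" is the article's placeholder brand; these official
# domains are hypothetical stand-ins for a bank's real, published domains.
BRANDS = {"bankname"}
OFFICIAL_DOMAINS = {"bankname.vn", "bankname.com.vn"}
# Simplification: a few two-label public suffixes. Production code should
# consult the full Public Suffix List instead.
TWO_LABEL_SUFFIXES = {"com.vn", "net.vn", "org.vn"}

URL_RE = re.compile(r"(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?", re.I)


def registrable_domain(host):
    """Return the part of the hostname that someone actually registered."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def classify(url):
    """'official', 'lookalike' (brand name outside an official domain) or 'unknown'."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    if registrable_domain(host) in OFFICIAL_DOMAINS:
        return "official"
    # Search the whole URL so a brand placed in the userinfo or path is caught too.
    if any(brand in url.lower() for brand in BRANDS):
        return "lookalike"
    return "unknown"


def scan_sms(text):
    """Classify every link found in an SMS body."""
    return [(url, classify(url)) for url in URL_RE.findall(text)]


# Constructed sample message modelled on the one described in the article.
SAMPLE_SMS = ("BANKNAME: your app was logged in on an unknown device. "
              "Secure your account at https://bankname.vn-a.top/login")

if __name__ == "__main__":
    for url, verdict in scan_sms(SAMPLE_SMS):
        print(verdict, registrable_domain(urlsplit(url).hostname), url)
```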