On October 5, 2022, VietinBank warned clients about messages that contain associated links with malicious codes. Clients are asked to provide information about passwords and OTP (one time password), which allows hackers to appropriate their personal assets.
Many other banks, enterprises and agencies in the field of information security have repeatedly advised people to be vigilant against increasingly sophisticated and unpredicted online scams.
VNCERT/CC (Vietnam Cybersecurity mergency Response Teams/Coordination Center) reported that swindling via messages impersonating banks and financial institutions is increasing. Scammers not only use many mobile phone subscriber prefixes, but also forge SMS brand names to send messages to do phishing.
VNCERT/CC has updated 13 more fake domain names on the websites of many banks, including ACB, SCB, TPBank and VietinBank which were seen in phishing messages received from September 27 to October 3, including online.olinacb.com, ebanking.nnykd8.com, scb.com.vn-us.club, ebanking.tyriu2h.com, scb.com.vn-uc.club, ebanking.cdgy77h.com, ebanking.uhgkf2.com, shb.com.vn-iy.info, shb.com.vn-sp.xy, ebank.ecxty39.com, ebank.hlug1k.com, vietinbank.com.vn-uz.top, vietinbank.com.vn-uz.xyz.
In mid-September, VNCERT/CC named 32 counterfeit domain names that forged the electronic websites of some banks, including ACB, MSB, SCB, VPBank and TPBank. It also recommended people not to click links with the domain names forging banks.
Nguyen Quang Huy from VSEC (Vietnamese Network Security Joint Stock Company) said phishing attacks sometimes are not recognized
Data security still doesn’t receive the respect it should have, though most surveyed CEOs said their institutions increased budgets for cybersecurity.
Experts say that cybercriminals are becoming smarter and tend to target small and medium enterprises (SMEs) because they know that large companies have more valuable information and they have stricter information protection processes.
The expert from VSEC also pointed out users’ poor awareness of information security. “This is why in 2022, cybercriminals shifted from ransomware and returned to use more traditional attack methods, such as phishing – a form of swindling based on people’s low awareness,” Huy said.
The increase in cyberattacks and phishing cases is also blamed on the lack of a high-quality workforce. The development of IoT (Internet of Things) devices and their popular use also offers a ‘playing field’ for cyber attackers.