Scammers steal information, money on first days of Year of the Cat
The digital bank Cake has recorded many cases where scammers impersonated digital bank officers asking users to provide information about card numbers, CVC2 codes and OTP codes.
In most cases, swindlers forged official fanpages and told victims to follow their instructions to receive gifts, or they impersonated officers and told users to conduct operations to increase credit limits or open new cards.
In general, users were told to download apps, open credit cards and provide card screenshots or OTP for checking. In some cases, victims were told to transfer money into certain accounts to open deposit accounts. After getting information about cards, scammers conduct transactions to get money and then stop communications with users.
The other method used by scammers involved sending messages to victims, saying that they needed to recruit collaborators. The subjects sent links to victims so that the victims registered accounts and guided victims how to buy goods. After the users transferred money and made payments, they stop communications.
Cake recommended that users not buy and sell goods on e-commerce websites with collaborators or online officers.
Users have been advised not to provide information on strange links sent via SMS, Zalo and Facebook. They also should not share screenshots with information about card numbers, CVC2 codes or OTP to any subjects or any links, including those who introduce themselves as bank officers or policemen.
Ngo Minh Hieu, a well known security expert, said a campaign spread malicious links to collect information by forging sale promotion of some famous brands, especially Sai Gon beer, during Tet. The tricks are similar to the forging of lucky draw programs of Coca Cola, Rolex and Coopmart which had occurred in the past.
The forged websites mostly contain images and logos of brands associated with sale promotions, but they have unusual suffixes such as “.xyz”, “.top”, “.online”.
When victims click the malicious links, information about their devices and their IP addresses are collected. The messages containing strange links are automatically sent to victims’ friends.
If victims visit fake website links and provide additional personal information, scammers have more tools to use for wrong purposes.
This is an intentional attack campaign which exploits users’ interest in sale promotion programs and gifts.
The forged brands during Tet were mostly beverage brands. Internet users have been told to be vigilant and not provide any personal information or access strange links.