VCS has warned about a fraudulent campaign to swindle users out of information about their credit cards, targeting clients of banks and institutions in Vietnam.

The unit said since late 2022, Viettel Threat Intelligence has supervised, warned about, and prevented a high number of websites from using various fraudulent forms related to credit card services, such as card limit lifting, registration and cancellation.

From December 2022 to the end of June 2023, VCS’s system detected 190 phishing domain names used in phishing attack campaigns, most of which were international domain names with the suffixes of ‘.com’, and ‘.online’. 

Experts believe that the number of the domain names to be used in phishing attacks targeting credit card holders of Vietnam’s institutions and banks will continue rising in the time to come.

The special feature of the recent scam campaign is that the domain name usually contains keywords such as ‘dichvu’ (service), ‘canhan’ (individual), ‘uutien’ (priority), ‘visa’, or contains abbreviated names of banking institutions.

The campaigns comprise many attack spells, each of which lasts about one month. During that time, about 3-5 new domain names are created a day. 

The domain names don’t use the same IP addresses, but they are distributed on different IP addresses, thus making it more difficult to supervise and discover them.

In general, the longevity of the domain names is short, just 3-4 days. In some cases, when suspected subjects are discovered, the infrastructure of domain names will be disconnected.

Regarding the form of attacks, VCS experts said many groups and individuals on social networks have been offering to sell services for withdrawing money, or maturing credit cards by swiping cards through POS machines. This is not a legal mode and many risks exist.

In general, swindling is conducted with four steps. First, scammers create posts on social networks with content about the service to support to upgrade credit card limits, promising automatic approval and disbursement within the day. If users believe in the posts, they contact the subjects.

After that, the subjects call and send messages to victims, saying that they are officers of banks and then send supporting information.

They then send links that lead to fake websites. Once victims log on to the fake websites, they are asked to provide personal information and to share OTP.

Finally, after getting information about victims’ credit cards, scammers use the information to make payments for online transactions and to appropriate assets.


Van Anh