There are only two ways to set up biometrics

According to Decision 2345/QD-NHNN of the State Bank on implementing safety and security solutions in online payments and bank card payments, banks have been supporting customers to collect and register biometrics in two forms:

Firstly, for customers who already have a chip-embedded CCCD and a phone that supports NFC, customers can proactively perform it on the digital banking application (the bank's official app) from the "Update biometrics" feature.

Second, for customers who do not have a chip-embedded ID card or whose device cannot be used on the online banking application, customers can go directly to the bank's transaction points for support.

Banks recommend that customers only register for biometrics in one of the two forms above. Any instructions other than these two forms are fake. Banks do not require customers to provide any information related to access, password, OTP authentication code, etc. to register for biometrics.

However, taking advantage of the fact that banks collect biometrics, scammers impersonate bank employees to help update this operation for users.

Agribank supports customers to register biometrics.jpg
Customers register for biometric authentication at an Agribank transaction point. Photo: Agribank

Some common fraud methods being used by criminals include:

Contact customers by calling, texting, making friends via social networks (Zalo, Facebook,...) to guide the collection of biometric information.

Creating confusing nicknames such as "bank employee", "customer support"... and interacting with customer comments under posts on the bank's official social networking site, asking for private contact (inbox) to lure and scam customers to get their information.

Customers are asked to provide personal information, account information, ID card images, facial images, etc. for support. The subjects even request video calls to collect additional voice and gestures.

Customers are advised to access a strange link to download and install the biometric collection support application on their phones.

After obtaining customer information, the subjects will proceed to appropriate money in the customer's bank account.

Banks warn that customers should absolutely not provide personal information via channels such as phone calls, SMS messages, emails, chat software (Zalo, Viber, Facebook messenger, etc.). At the same time, absolutely do not click on links, do not provide account security information, digital banking services (login name, password, OTP code), card services (card number, OTP code), account information or any other banking service security information, personal information.

Customers should not share personal information, banking service information, banking transaction information... on social networks to avoid being taken advantage of by scammers impersonating banks/bank officials to contact, request support or request information to commit fraud, defraud and appropriate money in the account.

Say no to strange apps

Regardless of the initial approach, the most common method of scammers is still to instruct victims to install fake applications (fake apps) containing malicious code, in order to steal information and appropriate money in customers' accounts.

Besides fake banking apps, some fake apps have been recorded such as: Fake public service apps, fake VNeID apps, fake government apps, fake tax agency apps, fake Ministry of Public Security apps,...

The subject contacts and lures users with some common scenarios such as: Identification information on the system is not synchronized; electronic household registration book is overdue; VNeID level 2 identification support; download the app to get a queue number in advance, no need to wait when going to the district police to do the procedure; go to the district police to update driver's license information;...

Fake public service app.jpg
Image of fake Public Service app warned by Vietcombank to customers.

The subject sends links and asks people to access them to download and install applications containing malware on their phones. Some recorded fraudulent links are: dichvucong.dulieuquocgia.co, dichvucong.bvgov.com, dichvucong.govn.com, dichvucong.bcagov.com,...

Fake apps ask customers to install apps from unknown sources and grant high-level device access permissions (read messages, control the phone remotely,...).

According to authorities, signs of fake apps are usually when the app is not installed from the app store (App Store, CH Play) but through a link instructed by the scammer; cannot operate on the device screen (black screen or frozen); the device runs slowly, gets hot, and the battery runs out quickly after installing the app; the app automatically turns on even when not in use;...

Therefore, authorities recommend that people be especially vigilant when receiving calls from "authorities" and requests to install the application;

Only install applications provided by trusted developers from the App Store (iOS) and CH Play (Android) app markets;

Absolutely do not install applications via links sent via Zalo, SMS, Viber, etc. and messaging software or via links provided by others;

Perform a factory reset on your phone immediately if you detect strange signs on your phone (the phone runs slowly, the screen is black, there is a notification that the application is requesting access, strange apps appear on the phone, the phone is hot, the battery runs out quickly);

Update your banking app to the latest version and register biometrics for added security.

Banks warn of tricks to pretend to support biometric installation to commit fraud . Taking advantage of the situation where many customers have difficulty with biometric authentication, scammers have impersonated bank employees to support biometric installation with the purpose of stealing user information to appropriate assets.