Vietnam.vn - Nền tảng quảng bá Việt Nam

Sharing with PV of Dai Doan Ket Newspaper, Mr. Ngo Minh Hieu, co-founder of Chongluadao.vn project, commented that this form of fraud is not new but just a variation of tricks that have appeared before.

Authorities and the press have been warning about this trick since 2023. Although the scenario has changed slightly, this form is still especially dangerous for unwary users, especially at the end of the year.

Screenshot 2025-01-15 at 12.30.05 — Fake bank websites used by hackers.

Accordingly, hackers often collect and buy information on black markets that trade data or search for leaked public data posted by users on Google, Facebook, Telegram, or black hat hacker forums.

A typical example: Hackers access illegal data marketplaces to buy leaked information from victims infected with malware that steals data from their computers. This often happens when users install cracked or pirated software, or are tricked into downloading files containing malicious code.

The hackers then used the usernames and passwords from the leaked data files to try to log into the relevant accounts. In some cases, they were able to gain access, allowing them to view account balances and collect additional personal information from the victims (no money transfer was possible because it required an OTP code or biometrics).

However, instead of just stopping at exploiting information, hackers often intentionally disable accounts. This is a preparation step to carry out further attacks, often more complex actions to appropriate assets or commit fraud...

Hackers use accounts (usually in Vietnam, bank login accounts can be phone numbers, login names, random numbers issued by the bank, and email addresses) and hackers use random passwords to intentionally log in incorrectly many times, causing the victim's account to be locked.

This is done on purpose, as hackers know which banks will trigger the account lock feature after a certain number of failed login attempts (even on a completely new device). Some banks use websites, while others can handle failed logins that lead to account lock through apps.

Next, they impersonate bank employees and call directly to approach victims, making convincing and fraudulent calls to appropriate assets or other important information.

Once hackers successfully manipulate the victim’s psychology with carefully prepared scenarios, they will start to lure the victim to download malicious apps through fake links or scan QR codes containing malicious code. Then they steal money from the victim’s bank account.

More dangerously, once the victim has been tricked into installing a malicious fake app on their Android device, the hacker will continue to take more sophisticated steps to take control of the device.

Cyber security experts of Chongluadao.vn recommend people:

Do not install strange, cracked, pirated software, do not download pirated movies, pirated, cracked games.
Don't save passwords in your browser, use a password manager like BitWarden, KeePassX, 1Password. Use long passwords that include uppercase and lowercase letters, numbers, and special characters.
Do not save important information such as passwords, OTP codes, PIN codes, credit card information... in the Notes app - and if you do save it, you should set security mode with password, PIN code or biometrics.
Don't click on strange links. Double-check the email address or message for spelling errors, and avoid downloading attachments from unknown sources.
Do not download files of unknown origin, especially those sent to you by strangers. For example, file extensions that often contain dangerous viruses and malware such as .bat, .apk, .rar, .zip, .exe, .docx, .xlsx, .pdf - you can check the file for viruses at Virus Total.com.
Don't be curious and never trust anyone on the internet. Always slow down and check, see more at dauhieuluadao.com
Do not enable accessibility on your phone.
Only download apps from Google Play Store (CHPlay) and Apple App Store.
Do not grant device administrator rights to applications from unknown sources.
Regularly update your operating system and security applications.
Double check permission requests from apps before accepting.
Use an authenticator app (like Google Authenticator, Authy) instead of SMS if possible.

Regularly check your login history and suspicious activity in your email, banking, and social media accounts.
Install reputable antivirus software on both your computer and phone. Enable firewalls to protect your network connection.
USB devices can contain malicious code, so only use devices from trusted sources.
Back up important data on a secure storage device or on a reputable cloud service such as iCloud, Google Drive, One Drive…
Do not save your login information on public computers or other people's devices.
Do not disclose too much information on social networks, especially information related to security such as phone number, home address, email address, friends list, relationships or security questions. (Facebook security, Zalo security).

Source: https://daidoanket.vn/gia-mao-nhan-vien-ngan-hang-voi-chieu-lua-dao-moi-10298351.html