Paying via a QR code in Aeon Mall in Tan Phu District of HCMC (Photo: SGGP)
Accordingly, the 24 scamming types are divided into three main groups of brand counterfeiting, account appropriation and other combined forms. The most common tricks are ‘cheap-priced package tours’, Deepfake and Deepvoice video calls, ‘SIM locking’ due to not verifying account data, impersonating teachers or medical staff to ask for money transfer to save relatives in medical emergency, impersonating bank officers to steal bank account data.
These tricks mostly aim at the senior, children, students, manual workers, officers. Therefore, increasing awareness about those scams and information security in cyberspace is a necessity for healthier Internet space and more sustainable growth of a digital economy and society in Vietnam after the digital transformation process.
Fraudulence via QR code scanning has recently increased in Vietnam. The community should verify the code carefully before scanning it, especially those posted at public places or attached in an email, a message. There are cases where a fake QR code is glued over a real one, and when paying money via this wrong code, consumers unintentionally send money to criminals. To avoid that, several shops only display their genuine QR code for payment at the cashier counter.
Many banks in Vietnam have also warned of credit card scams through QR codes. After befriending a victim on social network sites, criminals send the victim a QR code that links to a fake bank website. When entering personal information (full name, citizen ID number, account name, password, or OTP), the victim accidentally has the bank account stolen.
Other places convenient for the spreading of a harmful QR code are message applications, forums, social network groups, livestream sessions. These codes might lead people to gambling websites or malware.
QR codes are actually not any kinds of malware to directly attack users. Instead, they are merely an intermediary to transmit some content. Therefore, it depends on how Internet users themselves respond when detecting suspicious content with QR code scanning.
Statistics from the Payment Department under the State Bank of Vietnam reveal a remarkable growth of QR codes for payment as to value and quantity. In 2022, this growth rate was over 225 percent and 243 percent in number and value respectively. The figures for the first 5 months of 2023 were 151 percent and 30.4 percent compared to this time last year.
Therefore, the Information Security Authority warns that consumers must be extremely careful when scanning QR codes to pay money, particularly those posted at public places. It also asked that QR code providers deliver suitable notices to customers and timely adopt measures to verify transactions if they show suspicious signs. Meanwhile, QR code users should frequently check the genuineness of the code posted at their place.
Another infamous scamming trick is OTP stealing. The Payment Department under the State Bank of Vietnam has just sent Dispatch No.4893/NHNN-TT to credit organizations about fraudulence tricks to steal OTPs and bank accounts. Accordingly, criminals impersonate bank officers to call victims for the purpose of checking the account balance. When the victim provides the number on the domestic debit card, the criminal mentions an OTP to be sent to the victim and asks for this series as well. Giving this OTP means a loss of the bank account to the criminal.
Criminals also usually develop a fake bank website to receive feedback and answer questions from bank clients. These sites are actually a method to collect personal data and payment history of a bank account.
Yet another trick is when criminals send a fake email or message to bank customers, saying that their bank account shows signs of abnormal activities and instructing these customers to change their password via the provided link. By that, the criminals know the confidential information of the victim to steal money from the bank account.
The public are warned that under no circumstances should they provide the account name, password, OTP, and personal data of their bank account, social network accounts to strangers.
The Vietnam Information Security Warning Portal shows that in 2022, there were 13,000 online scamming cases in two main groups of stealing personal data (accounting for nearly 25 percent) and financial fraudulence (75 percent). The former is the first step to carry out the latter, with the ultimate purpose of taking away property of victims. The tricks take advantage of the gullibility of certain people, a lack of information updates as well as greed of others.
Statistics from the Information Security Authority (under the Ministry of Information and Communications) reveal that online fraudulence in Vietnam in the first 6 months of this year saw a rise of 64 percent compared to this time last year.
By Kim Thanh – Translated by Huong Vuong