'Hitting' the psychology of being charged fees - a new trick to defraud accounts
Recently, many users have shared screen shots of text messages (SMS) impersonating some banks such as SHB, MSB,... announcing advertising fees on TikTok.
The message content is as follows: "Your account has registered for an advertising program on TikTok, with a monthly fee of 3,600,000 VND, please go to the link https://shb.vn-ibs.xyz to check or cancel".
Similarly, some customers of MSB Bank also receivedmessagewith the content: "Your account has registered for the advertising program on TikTok, with a monthly fee of 2,250,000 VND. Please go to https://msb.vn-cvs.top to check or cancel".
 |
| A series of fake bank messages and recommendations from Vietcombank. |
The above messages are all sent in the same section as the real messages from the bank, and the website name is also similar to the domain name of the banks. This makes many users not suspect and think that this is a message sent by the bank. However, if users look closely, they will realize that the link to the bank's website in the message has additional characters different from the bank's domain name.
This is a new, more sophisticated trick. Specifically, over the weekend, a series of Vietcombank customers received a message with the following content: "Your VCB Digibank application was detected to be activated on a strange device. If you did not activate it, please click http://vietcombank.vn-vm.top to change the device or cancel to avoid losing assets". Immediately, Vietcombank issued a warning.
Accordingly, Vietcombank said that this link leads to a website that fakes the login interface of the VCB Digibank application to get customer service information to steal money in the account. This fake message contains unusual links such as: vietcombank.vn-cbs.xyz; vietcombank.vn-cbs.pop; vietcombank.vn-ms.top…
"Vietcombank does not send SMS messages with links to log in to VCB Digibank services. Messages with links to log in to the service are all fake. Please be especially careful not to click on the link if you receive a message with similar content as above" - Vietcombank recommends.
Similarly, MSB also recommends that customers prioritize using the MSB mBank application; only log in to e-banking on the MSB mBank application or website: ebank.msb.com.vn; do not enter passwords, OTP, PIN codes, activation codes at strange links. When encountering suspicious phenomena, immediately contact the bank hotline for support.
MSB also warns that fake messages are saved in the same folder as real bank messages on the phone and often have content such as: Notification that the account has unusual transactions abroad that need to be verified; or The account is temporarily locked... and all require customers to access the attached link.
This link leads to a fake website with the same interface as the bank's website, asking customers to enter their Internet Banking login name and password along with the OTP code. If done, the scammer will get the password and OTP to steal money from the customer's account. MSB affirms that it never asks customers to provide login information, passwords, OTP in the above form.
In fact, the form of bank message fraud - SMS brandname is not new. Fraudsters will use specialized equipment, fake BTS broadcasting stations, bring them to crowded areas to send a large number of messages to subscribers who are within the device's coverage area. Because fake messages are placed in the same stream as real messages from the bank, it is difficult to distinguish and easy to be fooled. This trick has been going on for many years but until now there has been no effective solution to prevent it.
"Fraudsters often place their devices in crowded places such as traffic light intersections, shopping malls, and entertainment areas, so the number of messages sent is huge, up to tens of thousands of messages per day with just one device. This type of fake broadcasting device is small in size, easy to install and move, so it is very difficult to detect and handle," said Mr. Vu Ngoc Son, Technical Director of Vietnam National Cyber Security Technology Company (NCS).
Faced with the sophisticated transformation of scammers, experts recommend that consumers remain vigilant in order to protect themselves. Accordingly, whenever you receive a message asking you to access a link, the first thing to do is to stay calm and check whether the link is fake or not.
In fact, the links in scam messages are often very different from the links of official agencies, organizations, businesses, and banks. If consumers are careful, they can easily recognize them. "A basic rule is that users should not click on any strange links or rush to transfer money. They should slow down to verify to avoid losing money," security expert Ngo Minh Hieu recommended.