Customers falling for fake bank clerk phishing scam
Customers falling for fake bank clerk phishing scam
Banks' customers are being targeted by new phishing attacks by criminals posing as bank officials and asking customers for their one-time password (OTP).
Sharing with VIR, Doan Tran Tuan Tu, the owner of a travel agency and a Techcombank customer, said that recently a woman sent her information to book tickets through Facebook together with the picture of the passport, visa, and bank card of her husband and her children to earn his trust.
The woman said she will transfer money through Western Union to pay for the tickets and sent a link named chuyentienquocte for Tuan Tu to log in. Afterwards, a stranger called Tu claiming to be a bank staff and asking Tu to provide his OTP and email address to receive the money. Right after Tu gave them the information, his bank account was nearly completely drained (VND9.9 million – $430.43).
Similarly, Nguyen Thi Hong Nhung, a Vietcombank customer, also revealed that in the middle of this August, a person claiming to work for Vietcombank called to announce that a sum was sent to her account but is suspended. They asked Nhung for information to complete the transfer, including her OTP. A friend of Nhung also lost VND15 million ($652.17) by falling victim to the same phishing attack.
Banks and authorities have been warning customers against this type of phishing on social networks. Travel agents have also been sharing their experience at social network groups, telling each other that if a unkown third party or a web link is involved or their OTP is required, the transaction is a scam.
Most recently, on August 22, the Quy Nhon police received a report from a Vietcombank customer. Accordingly, right after he transferred VND70 million ($3,043) to his wife, a stranger called him to announce that his wife returned the money due to some errors and asked him to give his information to receive the money. The customer did not agree, after which the stranger asked him to provide the codes given by the customer support to confirm his identity. The customer was caught off-guard and gave his OTP to the stranger, after which his bank account was almost totally zeroed down, losing VND10 million ($434.78).
According to Can Van Luc, a financial banking expert, in case customers reveal confidential information, the “firewall” of the bank will not be able to detect the breach. In fact, Luc said that customers are still naive and do not secure their private data well, and let others borrow their accounts to trade. Therefore, in order to prevent risk, besides investing in banks' security technology, customers themselves also need to enhance their awareness about security.
Nguyen Thanh Long, deputy general manager of VPBank, said that with the development of technology, banks are also trying to fight off scams of increasing sophistication, and are screening out a growing number of attempts where the criminals impersonate bank officials asking for customers' OTP to appropriate their assets and damage the bank’s prestige.
In fact, banks like VPBank in their warning messages sent to customers also advise them “not to provide their OTP to anyone, even bank officials”. Nevertheless, many customers neglect this advice and lose money as a result.
After losing money from their accounts, customers turn to the bank and are then promptly advised to call the police. There is little chance of finding the money as the cheaters usually withdraw all of the money as soon as possible.
Experts recommended that as digital banks develop, fraud attempts are also becoming more sophisticated and elaborate. In particular, small businesses and online sellers are a favoured target. In order to protect themselves, bank account holders must also improve their financial knowledge and follow stricter security principles, especially regarding their pin codes, access passwords, OTP, and email addresses. If they provide information to a third party, they are giving the key to the thief on a silver platter.