Consumer Social Intelligence Safety and Security Report 2024

Key Topics

Vietnam (EN)    |   01 Oct 2023 - 31 Mar 2024

Payment methods

Bank Cards Conversation

Warnings on sharing of OTP, unsolicited credit card calls and linking digital wallets to bank accounts.

Share of Voice Bank Cards

N=7.8k

This chart shows the number of posts from the main search query that mention specific bank cards and the % of conversations related to each type of card. Shares/reposts are included. The % change in volumes is compared to the previous six months.

Vigilance and Prevention Techniques

  • Consumers warn each other about unsolicited credit card calls

    People warned each other of instances of unsolicited calls after opening up a credit card. Fraudsters asked them for personal financial information with promises to increase their credit card limits.

  • Contact your bank to verify offers and avoid impersonation scams

    Consumers spoke about fake credit card offers, where they were contacted by someone posing as an approval officer. The scammer asked the victim to transfer a sum of money to open up a credit card. Social media users discussed that calling back your bank is a good way to verify such offers.

  • Risk of sharing OTP

    A bank spokesperson emphasized never giving OTPs to third parties. Incident example: Fraudsters stole nearly 60 million dong after a bank customer shared their OTP. The victim believed the call requesting the OTP was genuine after visiting the bank's branch. Forum commenters generally blame the victim for revealing the OTP.

  • Avoid linking digital wallet to main bank account

    News of fraudsters accessing a customer's bank account led to a discussion where credit card users were advised to avoid linking their digital wallet to their main bank account and to maintain a low balance in any account linked to a digital wallet.

What People Are Saying

"I rarely ask for this on here, but someone stole my credit card and made an unauthorized $635 payment. I have locked and reported the bank to no avail.... I want to give an update to this: Apparently this transaction was the result of a massive [airline name] data leak which included all of my information. I am so furious about this, yet my bank is unable to chargeback."

"In the early afternoon, I went to report to the bank and they sent it for review and confirmed that I had personally transferred the money to someone else. How could I have suddenly lost it? The updated system showed that I had transferred 100%. I didn't receive any OTP message, how can I transfer it??? The bank confiscated my phone to check and unlink all digital wallets. I took one more step and went to the district police to report the incident faster."

"Out of 100 people, only 1 person would be foolish enough to provide the OTP. Why are people suspecting a staff member who couldn't obtain anything? Endangering their career, could end up in jail because of the trust that person has given with the OTP?"

Bank Cards - Fraud Types Conversation

Discussions centered on credit card scams on Facebook and the Zalo messaging app, e-commerce scams and loan fraud by fake credit officers.

Share of Voice Bank Cards - Fraud Types

N=2.5k

This chart shows the number of posts from the main search query that mention specific fraud types within the bank cards conversation and the % of conversations related to each type of fraud. Shares/Reposts are included. The % change in volumes is compared to the previous six months.

Scam Types

  • Facebook scam targets credit card applicants

    A consumer was scammed out of 30 million dong after responding to a fraudulent credit card ad on Facebook. As part of the scam, he was asked to provide an OTP and bank account details, supposedly as part of the credit card opening process.

  • Zalo impersonation scam targets credit card applicants

    A consumer reported being called about opening a credit card and was contacted on messaging app Zalo. The scammer sent them a falsified bank ID to impersonate a bank employee. The victim contacted the bank and that was how they found out that it was a scam attempt.

  • News about an e-commerce scam makes waves online

    A couple lost 1.3 billion dong to an online scam promising commissions from selling items on a popular online store. Targeted by a Facebook scammer, they were tricked into paying warehouse fees for fake shipping.

  • Credit officers' loan fraud and fee scam discussion

    Forum participants discuss alleged loan fraud by credit officers and share personal experiences of unexpected credit card fees, emphasizing the importance of using services like CIC (Credit Information Centre) to detect unauthorized activities and protect against financial fraud.

What People Are Saying

"This morning at work, there were a few people claiming to be [bank name] employees who called to help open a card with a limit of 50 million. This time, the scammers were more sophisticated and even warned the bank staff exactly like 'do not provide card information outside.'"

"User shares tip on how to deal with scammers impersonating bank employees:
They target whoever appears on the system, calling to inquire about card openings and employee ID attachments. Scammers exploit this by calling to deceive. The easiest way, just ask them to send a business card via Zalo for certainty."

"There are a lot of scams online, I just got a credit card, this morning I received 2-3 support calls to increase my online limit. Fraud is becoming more and more sophisticated every day. If you are careless, you will lose a lot. Everyone be careful."

Bank Cards Conversation Over Time, Oct’23 to Mar’24

Three notable spikes in credit card discourse: the government blocking 441 fraudulent websites, a Facebook scam involving personal banking details and a surge in fraud reports including impersonation and unauthorized transactions.

Chart displays daily conversation volumes (including shares/reposts) on ‘Bank cards’ category query. This visualisation is used to identify key stories (either from the news or social media) that drove conversations and consumer interest.

Payment methods

Non-card Services Conversation

Topics of discussion were a list of the top 20 online scams shared by an X user, a court ruling against a financial institution for inadequate fraud prevention measures and a loan scam operation successfully foiled by Hanoi police.

Share of Voice Non-card Services

N=13.5k

This chart shows the number of posts from the main search query that mention specific non-card services and the % of conversations related to each type of service. Shares/Reposts are included. The % change in volumes is compared to the previous six months.

* Online banking refers to A2A (account to account) transfer using internet banking
** Bank transfer refers to offline banking

Vigilance and Prevention Techniques

  • Social media account warns of common online threats

    An account on X shared a list of the top 20 online scams in 2023. Those included impersonating law enforcement asking victims to transfer money for an investigation, posing as bank employees to guide victims into installing malware and promising 4G SIM card upgrades to steal victims' phone numbers and gain access to their bank accounts.

  • Court ruling sparks discussions on financial entities' fraud prevention efforts

    Victims of malware attacks secured partial compensation following a court ruling against their financial institutions, which deemed their fraud prevention measures inadequate. The ruling underscored insufficient communication of authentication terms and conditions, highlighting a potential information gap in public understanding of security measures.

  • Police take down loan scam operation

    A news outlet reported on YouTube that Hanoi police successfully took down a loan scam operation. Scammers contacted victims and requested payment for alleged deposit fees, insurance fees or loan disbursement fees. Commenters expressed appreciation for the arrests and advised others to always double-check with their bank or the police when approached with calls asking them for payments.

What People Are Saying

"A few months ago, I was also scammed for 2 million, but I thought the amount wasn't significant so I didn't report it to the police."

"In the scam post, the hacker promoted the launch of a new cryptocurrency with the symbol [symbol]. This coin can reportedly be used to pay for [website name] API services. To participate, users were required to provide a wallet address and click on a link."

"I guess it's taking advantage of the phone's facial recognition feature for authentication (the scammer's app interacts with the banking app)?"

Non-card Services - Fraud Types Conversation

Consumers engage in discussions on digital scams spanning from fake public services to OTP frauds, impersonations of government officials and fake employees as well as online gambling risks. 

Share of Voice Non-card Services - Fraud Types

N=5.0k

This chart shows the number of posts from the main search query that mention specific fraud types within the non-card services conversation and the % of conversations related to each type of fraud. Shares/Reposts are included. The % change in volumes is compared to the previous six months.

Scam Types

  • Fake public service scam

    Forum users discussed a scam where fake public service software, purportedly from a government committee, led to the misappropriation of VND 3 Billion. The victim, prompted by a call instructing them to integrate their home identification code, unwittingly downloaded fake software. Later, their stock account was compromised. Recommendations included exercising caution with Android phones, preferring Apple devices instead.

  • Scammers use victim's OTP to authenticate on services and make purchases

    Consumers spoke about a new scam where victims were instructed to link their digital wallet to car booking apps. In the process, they provided the scammers with their OTP, which led to the scammers gaining access to that registration and abusing it to make in-app purchases.

  • Impersonators pose as supermarket employees

    A 36-year-old woman received a phone call as well as a message on Zalo (a popular messaging app) from someone impersonating a supermarket employee. The scammer requested personal details under the guise of wanting to give her gifts for being a loyal customer.

  • Online gambling puts users at risk

    An online news channel shared news of illegal gambling leading to a misuse of digital wallets. Users commented on the prevalence of ads for online gambling and advised against using digital wallets.

What People Are Saying

"Users react to a court decision ordering an entity to partially compensate a portion of the victim's losses: I think the Court's decision was satisfactory.
[victim name] was tricked by scammers into providing information to appropriate money from her account. The entity must compensate for not providing detailed instructions to warn customers."

"Users comment with a tweet discussing the top 20 online scams: There have been so many warnings about this sort of thing, but people are gullible."

"Many [digital wallet name] users are becoming easy prey for scammers to target. Currently, [digital wallet] is being chosen by many people to perform daily transactions. Taking advantage of that trust, many crooks have used sophisticated methods to defraud and appropriate users' money."

Non-card Services Conversation Over Time, Oct’23 To Mar’24

The major spikes in conversations were on online loan and debt deceptions, fraudulent apps and identity theft on social media leading to loan frauds.

Chart displays daily conversation volumes (including shares/reposts) on ‘Non-card services’ category query. This visualisation is used to identify key stories (either from the news or social media) that drove conversations and consumer interest.

Vietnam Frauds/Scams Related to Cyber Attacks, Oct’23 to Mar’24

Concerns about cyber attacks on banking customers prompted analysis of cyber security threats in Vietnam’s banking industry. 

Cyber Attack Events on Banks in Vietnam¹

Cyber Attack Methods on banks¹

Source:
  1. Mastercard Cyber Insights Data. Based on data for the period Oct 2023 – Mar 2024
  2. Attack patterns within this category focus on the manipulation and exploitation of people using e-mails.
  3. Malware performs undesirable operations such as data theft or some other type of computer compromise. Some of the main types of malware include trojans, viruses, worms and spyware.
  4. Ransomware refers to a type of malware that infects the computer systems of users and manipulates the infected system in a way that the victim cannot (partially or fully) use it and the data stored on it.
  5. Others include mobile device attacks, web phishing, pretexting, supply chain attack, command and control, persistence techniques etc.

Cyber attacks dominated discussions as a prevalent type of fraud

  • There were a total of 436 attacks in Oct 2023 - Mar 2024 on banks in Vietnam, 72% of which were executed through malware, email phishing and ransomware techniques.

  • Out of all the fraud type discussions for Bank Cards and Non-Card services, ~79% were related to cyber attacks (74% in bank cards, 80% in non-card services). 95% of cyber attack discussions under bank card services were associated with credit cards, while 30% of cyber attack discussions under non-bank card services were related to Online Banking.

  • 91% of the cyber attacks are found within online news and are primarily associated with attacks on banking institutions and infrastructure. These attacks often capture fraud that boasts high levels of sophistication, through compromising or impersonating organizations and businesses.

Best practices that can be deployed by banks to enhance cyber controls:

MALWARE

  1. Endpoint Protection
    • Harden endpoints against attacks by maintaining an inventory of endpoints, automating patch management and regularly updating antivirus and anti-malware software.
    • Use Endpoint Detection & Response (EDR) and enforce Bring-Your-Own-Device security policies.
    • Disable Microsoft Office macros by default and ensure endpoints meet security policies before network access.
  2. Network Security
    • Segment networks to isolate systems, use firewalls, IDS¹/IPS², implement secure web gateways⁴, deploy advanced email security and use machine learning to detect anomalies.
  3. Awareness & Training
    • Promote a security-aware culture, mandate security training, conduct phishing simulations and distribute security updates through newsletters and bulletins.
  4. Access Control
    • Implement multi-factor authentication, enforce least privilege access, regularly review and remove unnecessary accounts and maintain logs of all access activities.
  5. Backup Management
    • Follow the 3-2-1 backup strategy³, regularly test backups, implement security safeguards for backups and consider air gap measures for critical data.

RANSOMWARE

  1. Patch Management
    • Keep systems, applications and firmware updated to prevent ransomware exploits. Automate patch management and document risks for unpatchable systems.
  2. Access Control
    • Implement strong identity security measures, minimize privileges and manage privileged access with multi-factor authentication.
  3. Advanced Threat Protection
    • Deploy comprehensive security solutions including firewalls, IDS¹/IPS², security web gateways and advanced email security with anti-phishing features.
  4. Third-party Risk Management
    • Monitor third-party vendor security posture, enforce least privilege and zero-trust principles and share threat intelligence.
  5. Zero Trust Approach
    • Implement strict access controls, authentication methods and network segmentation⁴. Automate security responses and utilize behavioral analysis for anomaly detection.

EMAIL PHISHING

  1. Awareness & Training
    • Foster a security-aware culture, conduct mandatory training and provide tips on identifying phishing emails.
  2. Email & Web Security
    • Deploy advanced email security and Secure Web Gateways⁴, configure email for enhanced phishing detection and implement encryption and authentication protocols.
  3. Infrastructure Hardening
    • Deploy robust security systems, apply timely updates, remove unnecessary services and implement strict access controls and monitoring.

Source:

  1. Intrusion Detection System (IDS): a monitoring system that detects suspicious activities and generates alerts when they are detected.
  2. Intrusion Prevention System (IPS): a network security tool that continuously monitors for malicious activity and takes action to prevent it, such as reporting, blocking or dropping threats.
  3. The 3-2-1 backup strategy simply states that you should have 3 copies of your data (your production data and 2 backup copies) on two different media (disk and tape) with one copy off-site for disaster recovery.
  4. Network segmentation is an architecture that divides a network into smaller sections or subnets. Each network segment acts as its own network which provides security teams with increased control over the traffic that flows into their systems.
  5. A secure web gateway protects an organization from online security threats and infections by enforcing company policy and filtering Internet-bound traffic.
