Bank Cards Conversation
Vietnam (EN) | 01 Oct 2023 - 31 Mar 2024
Warnings on sharing of OTP, unsolicited credit card calls and linking digital wallets to bank accounts.
Share of Voice Bank Cards
N=7.8k
This chart shows the number of posts from the main search query that mentions specific bank cards and the % of conversations related to each type of card. Shares/reposts are included. The % change in volumes is compared to the previous six months.
Vigilance and Prevention Techniques
- Consumers warn each other about unsolicited credit card calls
  People warned each other of instances of unsolicited calls after opening up a credit card. Fraudsters asked them for personal financial information with promises to increase their credit card limits.
- Contact your bank to verify offers and avoid impersonation scams
  Consumers spoke about fake credit card offers, where they were contacted by someone posing as an approval officer. The scammer asked the victim to transfer a sum of money to open up a credit card. Social media users discussed that calling back your bank is a good way to verify such offers.
- Risk of sharing OTP
  A bank spokesperson emphasized never giving OTPs to third parties. In one incident, fraudsters stole nearly 60 million dong after a bank customer shared their OTP. The victim believed the call requesting the OTP was genuine after visiting the bank's branch. Forum commenters generally blamed the victim for revealing the OTP.
- Avoid linking digital wallet to main bank account
  News of fraudsters accessing a customer's bank account led to a discussion where credit card users were advised to avoid linking their digital wallet to their main bank account and to maintain a low balance in any account linked to a digital wallet.
Bank Cards - Fraud Types Conversation
Discussions centered on credit card scams on Facebook and the Zalo messaging app, an e-commerce scam and loan fraud by fake credit officers.
Share of Voice Bank Cards - Fraud Types
N=2.5k
This chart shows the number of posts from the main search query that mentions specific fraud types within the bank cards conversation and the % of conversations related to each type of fraud. Shares/Reposts are included. The % change in volumes is compared to the previous six months.
Scam Types
- Facebook scam targets credit card applicants
  A consumer was scammed out of 30 million dong after responding to a fraudulent credit card ad on Facebook. As part of the scam, he was asked to provide an OTP and bank account details, supposedly as part of the credit card opening process.
- Zalo impersonation scam targets credit card applicants
  A consumer reported being called about opening a credit card and was contacted on messaging app Zalo. The scammer sent them a falsified bank ID to impersonate a bank employee. The victim contacted the bank, which is how they found out that it was a scam attempt.
- News about an e-commerce scam makes waves online
  A couple lost 1.3 billion dong to an online scam promising commissions from selling items on a popular online store. Targeted by a Facebook scammer, they were tricked into paying warehouse fees for fake shipping.
- Credit officers' loan fraud and fee scam discussion
  Forum participants discussed alleged loan fraud by credit officers and shared personal experiences of unexpected credit card fees, emphasizing the importance of using services like CIC (Credit Information Centre) to detect unauthorized activities and protect against financial fraud.
Bank Cards Conversation Over Time, Oct’23 to Mar’24
Three notable spikes in credit card discourse: government blocking 441 fraudulent websites, Facebook scam involving personal banking details and surge in fraud reports including impersonation and unauthorized transactions.
Chart displays daily conversation volumes (including shares/reposts) on ‘Bank cards’ category query. This visualisation is used to identify key stories (either from the news or social media) that drove conversations and consumer interest.
Non-card Services Conversation
Topics of discussion included a list of the top 20 online scams shared by an X user, a court ruling against a financial institution for inadequate fraud prevention measures and a loan scam operation successfully foiled by Hanoi police.
Share of Voice Non-card Services
N=13.5k
This chart shows the number of posts from the main search query that mentions specific non-card services and the % of conversations related to each type of service. Shares/Reposts are included. The % change in volumes is compared to the previous six months.
** Bank transfer refers to offline banking
Vigilance and Prevention Techniques
- Social media account warns of common online threats
  An account on X shared a list of the top 20 online scams in 2023. Those included impersonating law enforcement and asking victims to transfer money for an investigation, posing as bank employees to guide victims into installing malware and promising 4G SIM card upgrades to steal victims' phone numbers and gain access to their bank accounts.
- Court ruling sparks discussions on financial entities' fraud prevention efforts
  Victims of malware attacks secured partial compensation following a court ruling against their financial institutions, which deemed their fraud prevention measures inadequate. The ruling underscored insufficient communication of authentication terms and conditions, highlighting a potential information gap in public understanding of security measures.
- Police take down loan scam operation
  A news outlet reported on YouTube that Hanoi police successfully took down a loan scam operation. Scammers contacted victims and requested payment for alleged deposit fees, insurance fees or loan disbursement fees. Commenters expressed appreciation for the arrests and advised others to always double-check with their bank or the police when approached with calls asking them for payments.
Non-card Services - Fraud Types Conversation
Consumers engage in discussions on digital scams spanning from fake public services to OTP frauds, impersonations of government officials and fake employees as well as online gambling risks.
Share of Voice Non-card Services - Fraud Types
N=5.0k
This chart shows the number of posts from the main search query that mentions specific fraud types within the non-card services conversation and the % of conversations related to each type of fraud. Shares/Reposts are included. The % change in volumes is compared to the previous six months.
Scam Types
- Fake public service scam
  Forum users discussed a scam where fake public service software, purportedly from a government committee, led to the misappropriation of VND 3 billion. The victim, prompted by a call instructing them to integrate their home identification code, unwittingly downloaded fake software. Later, their stock account was compromised. Recommendations included exercising caution with Android phones and preferring Apple devices instead.
- Scammers use victim's OTP to authenticate on services and make purchases
  Consumers spoke about a new scam where victims were instructed to link their digital wallet to car booking apps. In the process, they provided the scammers with their OTP, which led to the scammers gaining access to that registration and abusing it to make in-app purchases.
- Impersonators pose as supermarket employees
  A 36-year-old woman received a phone call as well as a message on Zalo (a popular messaging app) from someone impersonating a supermarket employee. The scammer requested personal details under the guise of wanting to give her gifts for being a loyal customer.
- Online gambling puts users at risk
  An online news channel shared news of illegal gambling leading to a misuse of digital wallets. Users commented on the prevalence of ads for online gambling and advised against using digital wallets.
Non-card Services Conversation Over Time, Oct’23 To Mar’24
The major spikes in conversations were on online loan and debt deceptions, fraudulent apps and identity theft on social media leading to loan frauds.
Chart displays daily conversation volumes (including shares/reposts) on ‘Non-card services’ category query. This visualisation is used to identify key stories (either from the news or social media) that drove conversations and consumer interest.
Vietnam Frauds/Scams Related to Cyber Attacks, Oct’23 to Mar’24
Concerns about cyber attacks on banking customers prompted analysis of cyber security threats in Vietnam’s banking industry.
Cyber Attack Events on Banks in Vietnam¹
Cyber Attack Methods on banks¹
- Mastercard Cyber Insights Data. Based on data for the period Oct 2023 – Mar 2024
- Attack patterns within this category focus on the manipulation and exploitation of people using e-mails.
- Malware performs undesirable operations such as data theft or some other type of computer compromise. Some of the main types of malware include trojans, viruses, worms and spyware.
- Ransomware refers to a type of malware that infects the computer systems of users and manipulates the infected system in a way that the victim cannot (partially or fully) use it and the data stored on it.
- Others include mobile device attacks, web phishing, pretexting, supply chain attack, command and control, persistence techniques etc.
Cyber attacks dominated discussions as a prevalent type of fraud
- There were a total of 436 attacks in Oct 2023 - Mar 2024 on banks in Vietnam, 72% of which were executed through malware, email phishing and ransomware techniques.
- Out of all the fraud type discussions for Bank Cards and Non-Card services, ~79% were related to cyber attacks (74% in bank cards, 80% in non-card services). 95% of cyber attack discussions under bank card services were associated with credit cards, while 30% of cyber attack discussions under non-bank card services were related to Online Banking.
- 91% of the cyber attacks are found within online news and are primarily associated with attacks on banking institutions and infrastructure. These attacks often capture fraud that boasts high levels of sophistication, through compromising or impersonating organizations and businesses.
Best practices that can be deployed by banks to enhance cyber controls:
- Endpoint Protection:
  - Harden endpoints against attacks by maintaining an inventory of endpoints, automating patch management and regularly updating antivirus and anti-malware software.
  - Use Endpoint Detection & Response (EDR) and enforce Bring-Your-Own-Device security policies.
  - Disable Microsoft Office macros by default and ensure endpoints meet security policies before network access.
- Network Security:
  - Segment networks to isolate systems, use firewalls and IDS¹/IPS², implement secure web gateways⁴, deploy advanced email security and use machine learning to detect anomalies.
- Awareness & Training:
  - Promote a security-aware culture, mandate security training, conduct phishing simulations and distribute security updates through newsletters and bulletins.
- Access Control:
  - Implement multi-factor authentication, enforce least privilege access, regularly review and remove unnecessary accounts and maintain logs of all access activities.
- Backup Management:
  - Follow the 3-2-1 backup strategy³, regularly test backups, implement security safeguards for backups and consider air gap measures for critical data.
- Patch Management:
  - Keep systems, applications and firmware updated to prevent ransomware exploits. Automate patch management and document risks for unpatchable systems.
- Access Control:
  - Implement strong identity security measures, minimize privileges and manage privileged access with multi-factor authentication.
- Advanced Threat Protection:
  - Deploy comprehensive security solutions including firewalls, IDS¹/IPS², secure web gateways and advanced email security with anti-phishing features.
- Third-party Risk Management:
  - Monitor third-party vendor security posture, enforce least privilege and zero-trust principles and share threat intelligence.
- Zero Trust Approach:
  - Implement strict access controls, authentication methods and network segmentation⁴. Automate security responses and utilize behavioral analysis for anomaly detection.
- Awareness & Training:
  - Foster a security-aware culture, conduct mandatory training and provide tips on identifying phishing emails.
- Email & Web Security:
  - Deploy advanced email security and Secure Web Gateways⁴, configure email for enhanced phishing detection and implement encryption and authentication protocols.
- Infrastructure Hardening:
  - Deploy robust security systems, apply timely updates, remove unnecessary services and implement strict access controls and monitoring.
Source:
- Intrusion Detection System (IDS): a monitoring system that detects suspicious activities and generates alerts when they are detected.
- Intrusion Prevention System (IPS): a network security tool that continuously monitors for malicious activity and takes action to prevent it, such as reporting, blocking or dropping threats.
- The 3-2-1 backup strategy simply states that you should have 3 copies of your data (your production data and 2 backup copies) on two different media (disk and tape) with one copy off-site for disaster recovery.
- Network segmentation is an architecture that divides a network into smaller sections or subnets. Each network segment acts as its own network which provides security teams with increased control over the traffic that flows into their systems.
- A secure web gateway protects an organization from online security threats and infections by enforcing company policy and filtering Internet-bound traffic.