“Stay put” bank accounts also lose money
Impersonating the police, district officials, scammers instruct victims to access unfamiliar links to update their personal data. Just a few hours later, the bank accounts were empty. Alternatively, users can install unfamiliar apps. The situation of control over the phone and loss of money in the account is also happening. These cases are not uncommon.
Even victims said that even though they did not access any unfamiliar links, their bank accounts still lose money. Take the case of Mr. Tran Trung Manh from Hanoi recently, his account suddenly reported a transaction. Meanwhile, Manh asserted: He did not access any unfamiliar links or download any unfamiliar apps.
According to cybersecurity experts, the common trick is to entice users to click on the link and download counterfeit apps containing malware. During the installation process, the app will request Accessibility permission and if the user presses Accept (grant permission), the fake app will track and collect information on phone operations, collect information such as usernames, passwords, authentication codes sent to the phone (OTP / Smart OTP)…
When enough information is available, the fraudsters will wait for the account to have enough money to take control of the device and access banking apps to transfer money, take money from users’ bank accounts.
Previously, Saigon – Hanoi Commercial Joint Stock Bank (SHB) warned of the situation where customers’ bank accounts were hacked due to fraudsters taking over the use of phones. The bank pointed out many warning signs that the phone is being controlled such as: the phone quickly runs out of battery and slows down, strange apps appear on the phone.
Or if an app starts up even when the phone is not in use or the battery suddenly drains quickly or the machine heats up abnormally, then the accessory control has been turned on for some strange apps and the accessory control cannot be turned off. At this point, the customer’s device may have been compromised.
(Illustrative photo)
The bank only protects the account
To prevent the phone from being controlled, some banks recommend that customers in case of suspicion or discovery of fraudulent apps installed or unable to disable Accessibility permissions should actively enter the wrong password for the mobile banking service 5 times to lock the service.
Moreover, to avoid risks, customers should not click on links sent via messages, social networks from unverified sources, not install apps of unknown origin, not listen to and follow the requirements of the party who self-proclaim to be employees of taxes, police, public services… in any form, many banks have issued warnings.
Or like VPBank, it also recommends that customers turn off all Accessibility permissions for harmful apps before successfully logging in VPBank NEO and performing transactions.
According to cybersecurity experts, users should review the link between bank accounts and e-wallets. This can also be a risk for the hack of bank accounts.
In addition, users should avoid connecting to untrusted public wifi, especially when using finance-related apps, especially online banking. It is best to turn off phone Bluetooth when not in use as hackers can also use phone Bluetooth to attack. At the same time, the phone must have a passcode or biometric fingerprint lock.
