According to BIDV bank, recently, there have been subjects impersonating officials of State agencies and the Government (especially the Police and Tax authorities) calling customers to notify them of the need to declare / update information on applications of State agencies (such as VNEID , VSSID, eTax,..) and will send / read download links of fake applications to customers.
After the fake application is installed on the phone, the subjects will create some situations for users to perform transactions such as changing passwords, transferring fees, … When customers do, these fake applications will monitor and steal the information that customers enter into all applications on the phone, as well as the operations that customers perform on the device (including the risk of information theft on SmartBanking), thereby taking control of the mobile device as well as the customer’s account.
The phenomenon was mainly detected with customers using the Android operating system.
Accordingly, BIDV recommends that customers using Android devices disable applications with Accessibility rights in the “Settings > Support > Installed applications” section. Besides that, the bank recommends customers to:
– Only install official applications on Appstore and CH Play, do not install via strange websites/links, absolutely do not provide / disclose information (passwords, verification codes, …) to anyone to avoid being misappropriated.
– Absolutely do not store on mobile devices: photos of personal CMTND/CCCD/Passport, bank account numbers, passwords to access banking applications.
– Always update the BIDV SmartBanking application to the latest version.
– Master the working regulations of State agencies and the Government is to only guide administrative procedures at the Office or through the National Public Service Portal, not guide via phone, message, social network.
– Immediately notify the nearest public security agency if any suspicion is detected.
Similarly, VietinBank recently warned of fake public service software. Fraudulent and counterfeit activities are increasing in number and diversity, and more sophisticated in methods and tricks. Most recently, the trick of these subjects is to impersonate competent authorities to guide and request users to download fake public service applications (Ministry of Public Security, VNEID, General Department of Land Management, General Department of Taxation…); thereby gaining control of the phone and seizing assets in the bank account, electronic wallet… of customers.
According to the announcement of the public security agency, the 4 main steps in the fraud scenario used by the groups include: Impersonating officials of State agencies to request users to cooperate to serve the work; guide users to download and install fake applications; fake applications connect and receive commands from the server of the attacking group; The attack group can track, take control of the device, remotely steal data on the user’s device, and thereby easily seize the user’s assets.
The competent authority also recommends that people be vigilant against strange calls and messages because the competent authorities do not ask for personal information, nor do they work by phone; at the same time, contact the competent authorities to verify the person contacting/calling and be wary of requests to install software.
In order to ensure safety, enhance security for customers, especially those using Android devices, VietinBank recommends customers 3 “No”, 4 “Yes”:
Absolutely DO NOT install fake public service software (Ministry of Public Security, VNEID, General Department of Land Management, General Department of Taxation…) from strange websites/links/QR Codes or APK files. Absolutely DO NOT click on strange links sent via email/message. Absolutely DO NOT provide confidential information such as login name, password, OTP code, etc. to anyone in any form, including police or bank staff.
Should ONLY install software on App Store/Google Play/CH Play app markets. When installing any application, users SHOULD read the information carefully before agreeing to all terms, checking the author (developer) information, and reading application reviews. SHOULD regularly update the methods and tricks of criminals on the mass media and VietinBank/VietinBank iPay Mobile website. If there are signs of suspected fraud, SHOULD immediately contact VietinBank (Hotline: 1900 558 868) and the public security agency for timely support.
