Home Bank Unscrupulous Exploitation of Biometric Security: Banks Issue Urgent Fraud Alert

Bank

Unscrupulous Exploitation of Biometric Security: Banks Issue Urgent Fraud Alert

"With the rise of sophisticated fraud attempts, banks are now requiring customers to set up biometric security measures to protect their accounts. This move is designed to prevent criminals from stealing funds, ensuring a safer banking experience for all. However, scammers have also been taking advantage of this situation, prompting urgent warnings from financial institutions."

Administrator

20 July, 2024

There are only two biometric setup methods

According to Decision 2345/QD-NHNN of the State Bank on the deployment of safety and security measures in online and bank card payments, banks have been supporting customers in collecting and registering biometrics in two ways:

First, for customers who already have an e-ID card with a chip and an NFC-enabled phone, they can proactively complete the process on the digital banking app (the official app of the bank) through the “Update Biometrics” feature.

Second, for customers who do not have an e-ID card with a chip or whose device does not support the online banking app, they can visit the bank’s transaction offices for assistance.

Banks advise customers to register biometrics using only one of these two methods. Any other instructions that differ from these two methods are fraudulent. Banks do not require customers to provide any information related to access, passwords, OTP codes, etc., for biometric registration.

However, taking advantage of the banks’ biometric collection process, fraudulent individuals have been impersonating bank employees to assist users with this update.

Customers registering biometric authentication at an Agribank transaction office. Image: Agribank

Some common scams that these individuals are carrying out include:

Contacting customers through phone calls, text messages, or social media platforms (such as Zalo and Facebook) to guide them through the process of collecting biometric information.

Creating nicknames that can be misleading, such as “bank employee” or “customer support,” and interacting with customers’ comments on the bank’s official social media posts, asking them to direct message (DM) them, with the intention of deceiving and defrauding customers of their information.

Requesting customers to provide personal information, account details, e-ID card images, facial images, and even video calls to collect their voice and gestures.

Asking customers to access suspicious links to download and install applications that supposedly support biometric collection on their phones.

Once they obtain the customers’ information, these individuals proceed to steal money from their bank accounts.

Banks warn customers to never provide personal information through channels such as phone calls, SMS, email, or chat software (Zalo, Viber, Facebook Messenger, etc.). Additionally, customers should never click on suspicious links or provide any secure account information, such as online banking login credentials, passwords, OTP codes, card details (card number, OTP), account information, or any other personal or secure banking information.

Customers should also refrain from sharing personal information, banking services details, or transaction information on social media to prevent fraudsters from impersonating bank staff and requesting support or additional information for fraudulent activities, deception, and theft from their accounts.

Say No to Unfamiliar Apps

Regardless of how the scammers initially approach their victims, the most common method they employ is ultimately guiding them to install malicious applications (fake apps) that steal information and money from their victims’ accounts.

In addition to fake banking apps, some other fake apps that have been identified include: Fake public service apps, fake VNeID apps, fake government apps, fake tax agency apps, and fake Ministry of Public Security apps.

Scammers contact potential victims and lure them with various scenarios, such as:

Informing them that their identity information is not synchronized on the system.
Claiming that their electronic household registration book is about to expire.
Offering to help with VNeID level 2 identification.
Suggesting that they download an app to get a queue number and avoid waiting in line when visiting the district police for procedures.
Instructing them to visit the district police to update their driver’s license information.

Image of a fake public service app as warned by Vietcombank.

Scammers send victims links and instruct them to access and install malicious applications on their phones. Some of the identified scam links include: dichvucong.dulieuquocgia.co, dichvucong.bvgov.com, dichvucong.govn.com, and dichvucong.bcagov.com.

These fake apps request that users install them from unknown sources and grant high-level device access permissions, such as reading text messages and remotely controlling the phone.

According to authorities, signs of a fake app include:

The app is not installed from official app stores (App Store, CH Play) but rather through a link provided by the scammer.
The phone screen becomes unresponsive or freezes after installing the app.
The phone starts running slowly, heats up, or drains battery quickly after the app is installed.
The app automatically turns on even when not in use.

Therefore, authorities advise citizens to be cautious when receiving calls or messages purportedly from “authorities” asking them to install applications.

It is recommended to only install applications from trusted developers available on official app stores like App Store (for iOS) and CH Play (for Android).

Never install apps through links sent via messaging apps like Zalo, SMS, or Viber, or through links provided by unknown individuals.

If you notice any suspicious signs on your phone, such as slow performance, a black screen, permission requests, the appearance of unfamiliar apps, overheating, or rapid battery drain, immediately perform a factory reset on your device.

Keep your banking apps updated to the latest version and register biometrics to enhance security.

Tuân Nguyễn