I. DOMESTIC NEWS
1. WARNING ABOUT RENTING OR BUYING BANK ACCOUNTS FOR SCAM
Hanoi City Police said that recently, the crime of fraud and appropriation of property on the Internet has become very complicated with many new and sophisticated tricks. Fraudsters often use bank accounts bought and sold to make transactions to transfer and receive money from victims and then launder the money using many different methods.
The tricks of subjects often post information on forums and social networking groups about renting or buying bank accounts or approaching low-income workers and people who lack knowledge of the law. or students of Colleges and Universities are asked to open a bank account to receive wages from 500,000 - 1 million VND.
After opening an account, the account holder must hand over Internet Banking login information, registered phone SIM, bank card, etc. to the subject. The subject will use these bank accounts for illegal acts, especially fraudulent appropriation of property.
Accordingly, the Department of Information Security (Ministry of Information and Communications) recommends that people should be extremely careful and cautious in managing their personal information and bank accounts, avoiding assisting criminals or being involved in illegal acts. Measures must be taken to ensure the safety of personal information, not sharing personal information or bank account information with strangers on the Internet; say no to any offers to "rent" or "sell" bank accounts for financial gain.
If any bank account buying or selling activities are detected, citizens need to immediately report it to the police for handling and resolution. Also learn about the risks and legal consequences related to "renting" and "selling" bank accounts to avoid becoming a victim of crime.
In many cases, the account owner may be considered an accomplice with the subject or will be prosecuted for the "Crime of illegally collecting, storing, exchanging, buying, selling, and publicizing information about bank accounts" as prescribed in Article 291 of the 2015 Penal Code (amended and supplemented in 2017).
2. USING FACEBOOK, SUBJECT FRAUDULENTLY SELLS USED CARS, SEIZES NEARLY HALF A BILLION VND
On April 15, Loc Binh district police, Lang Son province, prosecuted the case and prosecuted two suspects, Hoang Van Cuong and Nguyen Anh Van (both born in 1993, residing in Son Dong district, Bac province). Giang) about the fraudulent act of appropriating property through appropriation of Facebook usage rights, using pictures of old cars online to post ads to sell at cheap prices to trick deposit money.
Previously, through the work of understanding the situation in cyberspace, Loc Binh District Police discovered that from around November 2023, on the social network Facebook there was an account "Lo Quyet Tien", the background image was a photo of "Automotive Company". Quyet Tien", with address number 29, TDP number 1, Na Duong town, Loc Binh district, Lang Son province, contact phone number 0911.731.129, specializes in buying, selling and exchanging used cars. However, in reality, in Na Duong town, Loc Binh district, there is no car salon with the above name and address. On the Facebook account "Lo Quyet Tien", many articles and advertising videos have been posted to sell used cars at much cheaper prices than the market. Loc Binh district police have taken measures to verify and clarify. Approaching and discussing with a number of Facebook accounts confirmed contact and communication with the account owner "Lo Quyet Tien" using the Zalo account of phone number 0911.731.129 and transferred the deposit to buy a car from 5 million VND to 50 million VND went into bank accounts named Lo Quyet Tien and was appropriated.
At the investigation agency, the two subjects confessed to using high technology to commit fraud and appropriate property. Both subjects have university degrees, so they created many tricks to conceal their crimes such as using fake Facebook accounts under other people's names; using technology to create images of a non-existent car salon in Na Duong town, Loc Binh district as the background image of their Facebook accounts; using images of used cars on the internet to advertise for sale at cheap prices; using phone numbers and bank accounts under other people's names to receive deposits. After appropriating the victims' money, the subjects exchanged it for cash at stores in many different provinces and cities.
Up to the time of arrest, the number of people defrauded by the subjects reached nearly 100 people nationwide and the amount of money appropriated was about 500 million VND. Cuong and Van divided the appropriated money for personal use.
To prevent the above situation from continuing to occur, the Department of Information Security (Ministry of Information and Communications) recommends that people need to be alert when making buying and selling transactions not only on social networking sites but also on commercial floors. e-commerce. It is necessary to carefully check and find out information about the seller; Only make transactions after confirming credibility and ensuring that the seller has enough detailed product information, quality images and accurate descriptions. People do not buy products of unknown origin and prices that are many times cheaper than the market to avoid buying poor quality products or having their property appropriated. In addition, people should also learn about the seller's warranty and refund policy to ensure their own benefits.
3. HANOI: MAN LOST NEARLY 3 BILLION VND AFTER PARTICIPATING IN ONLINE SALES
On April 18, Hanoi City Police said that recently a victim was robbed of more than 2.7 billion VND when investing in a fake website impersonating the e-commerce site Carousel with the link www.carousell888.com.
Specifically, Mr. N. (living in Hanoi) received a friend message from a female Facebook account. After chatting, this person invited Mr. N. to invest in selling products to earn commissions on the website www.carousell888.com. The website has an interface and domain name that impersonates Singapore's Carousell e-commerce site (www.carousell.sg) with stalls selling all kinds of products.
Mr. N. was instructed to open a booth, post products provided by the subject, when a customer places an order, he must pay the warehouse that supplies the goods and transports them to the customer, when the order is completed, he will receive a commission. At the beginning of his participation, the order value was from 1-10 million VND and with the commission returned, Mr. N. could still withdraw the money.
However, after that the orders were much larger in value and quantity. When the amount reaches billions of dong, the victim cannot withdraw the money, the subject will hook each other up with reasons for needing to upgrade membership, pay taxes, pay customs fees... with the purpose of letting the victim Continue transferring more money before you can withdraw it.
Accordingly, the Department of Information Security (Ministry of Information and Communications) recommends that people be wary of calls and invitations to become collaborators on fake e-commerce sites. Be especially wary when receiving friend requests or chats from unfamiliar social network accounts. Carefully check the account owner's personal information by monitoring the account's activity history through photos. profile picture or images, posts on personal wall (fake subjects often change their profile picture, post content recently) or choose traditional contact methods such as calling, meeting live, video call to check.
When deciding to invest, it is necessary to carefully check the legality of e-commerce platforms through the official e-commerce activities management system of the Ministry of Industry and Trade on the official website.
If you detect any cases showing signs of fraud, please contact the nearest police agency to promptly resolve the case according to regulations.
4. FAKE WARNING PEOPLE'S SECURITY ACADEMY SUPPORTS RECOVERING LOST MONEY
Recently, a fake Facebook account has appeared, impersonating the People's Security Academy, to help victims of online fraud.
Taking advantage of the psychology of those who have been scammed and want to get back their lost money, the subjects rely on the image of the People's Security Academy to build trust with the victims. Then, the subjects use the image of the People's Security Academy and announce to support the victims to get back the scammed money. Instead of going to the police to report, the scammed people go on social networks to ask the subjects to impersonate the People's Security Academy to support the recovery of the scammed money. At this time, the subjects instruct the victims to pay a fee for support or do tasks to withdraw money hanging on the system. When someone transfers money, the subjects notify that the bank account has an error and do not allow the withdrawal.
Faced with the above situation, the Department of Information Security (Ministry of Information and Communications) has repeatedly issued warnings to people, but many gullible users still fall into scam traps. Absolutely do not go to social networking sites that advertise that you can get your money back, to avoid falling into the traps of scammers. People need to be more vigilant, and at the same time learn and equip themselves with knowledge to protect themselves on social networks. The most important thing is that people absolutely do not provide personal information to anyone through any form; information disclosure will lead to many worrying consequences. When receiving a strange call or contacting a group providing services on social networks, absolutely do not make a money transfer transaction to the subject without first learning about and verifying the identity of that subject.
If detecting cases showing signs of fraud, people need to report to the Police to resolve the case according to the provisions of law; Do not look to social networking sites that suggest you can get your money back when you are scammed, avoid falling into the trap of scammers.
II. INTERNATIONAL NEWS
5. WARNING ABOUT CYBERCRIME IMPRESSING AS LASTPASS EMPLOYEES TO HACK PASSWORD Vaults
LastPass is warning about a malicious campaign targeting its users using the CryptoChameleon scam kit that involves cryptocurrency theft.
CryptoChameleon is an advanced phishing toolkit that was discovered earlier this year, targeting Federal Communications Commission (FCC) employees using custom Okta single sign-on (SSO) pages.
According to researchers at mobile security firm Lookout, campaigns using this phishing toolkit also targeted cryptocurrency platforms Binance, Coinbase, Kraken, and Gemini, using pages impersonating Okta, Gmail, iCloud, Outlook, Twitter, Yahoo, and AOL.
During the investigation, LastPass discovered that their service had recently been added to the CryptoChameleon suite and a phishing site was hosted at the “help-lastpass[.]com” domain.
The attacker uses a variety of sophisticated techniques (typically voice phishing) to contact potential victims, while pretending to be LastPass employees trying to help secure accounts after unauthorized access.
Accordingly, the victim receives a call from number 888 claiming unauthorized access to their LastPass account and is prompted to allow or block access by pressing "1" or "2". If they choose to block access, they will receive a follow-up call to resolve the issue. The second call came from a spoof number, where the caller, posing as a LastPass employee, sent a phishing email from "support@lastpass" with a link to a fake LastPass website. Subject requires victim to enter master password on this website allowing subject to change account settings and lock out legitimate users. Even though the malicious site is offline, it is very likely that other campaigns will follow and threat actors will rely on new domains.
In response to the above information, the Department of Information Security (Ministry of Information and Communications) recommends that users of popular password management services be careful with suspicious phone calls, messages or emails claiming to come from LastPass. Absolutely do not share any personal information in any form, or do not follow the subject's requests and instructions without verifying your identity. If you encounter the above situation, users need to report it to LastPass at abuse@lastpass.com for support.
6. WARNING NEW ANDROID MALWARE "MAMONT", FAKES GOOGLE CHROME TO STEALE CUSTOMER INFORMATION
Researchers have recently come across a new Android banking trojan called 'Mamont', which hides in plain sight by impersonating the popular web browser - Google Chrome.
In February 2024, researchers at McAfee encountered a new version of the popular XLoader Android malware, disguised as Chrome to steal information such as passwords, text, photos, and contacts.
The malware is often distributed through spam and phishing messages. Once installed, the app automatically opens and asks the user to provide various permissions such as making and managing phone calls, sending and receiving messages. If the unsuspecting user grants these permissions, it displays a message to the device owner stating that they have been selected to receive a cash prize. To receive the prize, the user simply needs to provide their phone number and credit card number on the software. Once completed, the malware then displays another prompt asking the user not to delete the app for the next 24 hours. Since Mamont has access to send and receive SMS, it then scans your inbox for messages related to your banking app. These secret messages are then sent to a Telegram channel controlled by the threat actors, where sensitive information such as 2FA codes are used to commit banking fraud and withdraw money from your bank account.
For now, the malware only targets Russian speakers, but it wouldn't take long for the threat actors behind Mamont to target another demographic.
In response to the above information, the Department of Information Security (Ministry of Information and Communications) recommends that people should be cautious with strange links, absolutely do not download software of unknown origin to avoid becoming victims of personal information theft and malware installation. At the same time, absolutely do not provide sensitive personal information (ID card number, credit card number, bank account number, OTP code, ...) in any form.
Also, since the malware has the same icon as Chrome, it makes it difficult for users to differentiate between the two. However, the malware installs as ‘Google Chrome’ instead of just ‘Chrome’ and has a black border around the icon as can be seen in the image above. To stay safe from such Android viruses, all you need to do is avoid downloading and installing apps from untrusted sources and stick to official apps like the Google Play Store. Also, when you install any app, make sure to pay attention to the permissions it asks for.
Monitor and update information, information situations, situations, and signs of online fraudsters at the National Cyberspace Portal (https://khonggianmang.vn)
If you detect signs of fraud, please send feedback to the address of Vietnam Information Security Warning page (https://canhbao.khonggianmang.vn)