Wrong password - sophisticated scam targeting bank customers

Minh Ánh (Theo CyProtek) |

Hackers impersonate bank employees and use the "account locking" trick to steal assets via OTP code.

Wrong password and perfect phishing scheme

In June 2023, the CyProtek investigation team of the Anti-Fraud project received a series of complaints from users about bank accounts being suddenly locked for no apparent reason. The victims all told a similar story: After their accounts were locked, they received a call from a "bank employee" asking for an OTP code to recover them. Just a few minutes later, the assets in the account "evaporated".

Initial analysis suggests that these are not isolated incidents, but rather part of a larger fraud campaign targeting banks in Vietnam. The CyProtek team decided to get involved, assigning the investigation code 23xPH03NIX, part of an international cyberattack campaign called GoldFactory.

"Account Lock" Tricks - The Starting Point of a Scam

According to the investigation, hackers start by collecting victims' information from leaked data sources or online black markets, including phone numbers, emails, login names, and even passwords. Notably, many of the data are accidentally revealed by the victims themselves through social networks or unsecured online platforms.

Once they have enough information, the hacker logs into the victim’s bank account. They intentionally enter incorrect information multiple times to lock the account. This is the perfect “knot” to start the scam scenario.

Mot truong hop dien hinh ve mot ngan hang tam khoa tai khoan trong 30 phut do nhap sai mat khau 5 lan (du dang tren mot thiet bi moi hoan toan). Anh: CyProtek
A bank account was temporarily locked for 30 minutes after entering the wrong password 5 times (even on a completely new device). Photo: CyProtek

Fake bank employee call

When an account is locked, the victim receives a call from someone claiming to be a bank employee. This person informs that the account has been locked due to suspected unusual activity. They quickly provide accurate information about the victim's account - from account number to recent transactions - to build trust.

The hacker then asks the victim to provide an OTP code to “verify and reopen the account” through a fake website in order to hijack the bank account. In a state of panic, most victims do not suspect anything and follow. But when the OTP code is sent, the hacker immediately makes money transfers or steals assets.

Hacker gia danh nhan vien ngan hang va goi dien truc tiep de tiep can nan nhan. Viec biet so dien thoai cua ban khong phai la tro ngai lon, boi thong tin ca nhan, bao gom so dien thoai, thuong duoc giao dich tran lan tren thi truong cho den. Chi can bo ra vai chuc nghin dong, hacker da co the mua duoc thong tin cua ban thong qua cac bot tren Telegram hoac cac hoi nhom chuyen mua ban du lieu ca nhan. Anh:
Hackers impersonate bank employees and call victims. Knowing your phone number is not a big obstacle, as personal information is often traded widely on the black market. Photo: CyProtek.

The hacker's well-organized system of operations

CyProtek’s analysis shows that the hackers in the GoldFactory campaign did not operate alone, but in a systematic manner. They would perform several steps:

Buying personal data: From black markets that trade data, including leaked data from large corporations.

Understand banking security procedures: Exploit loopholes in locked account handling mechanisms.

High-tech: Using tracking software and fake apps to optimize attacks.

Over the past two years, the hacker group has created more than 421 fake websites to spread malware and deceive victims. This network not only operates in Vietnam but also has links with cybercrime groups in Cambodia, Myanmar and China.

Identify and protect yourself from new tricks

The CyProtek investigation team of the project emphasized that users need to be aware of the following signs to protect themselves:

Never provide OTP code over the phone: Banks do not ask for this information in any form.

Beware of calls from unknown numbers: Check information through the bank's official switchboard before taking any action.

Check transaction history regularly: Detect suspicious transactions promptly.

The investigation team's journey has exposed an organized cybercrime network with sophisticated and large-scale tricks. These findings are not only a wake-up call for users, but also pose a challenge for banks to improve their security systems.

As hackers become more and more professional, users' vigilance and understanding will be the most important shield. "One minute of carelessness, a lifetime of paying the price" - always be careful when using online banking services.

Minh Ánh (Theo CyProtek)
TIN LIÊN QUAN

Security flaw discovered in iPhone's USB-C port

|

Security holes in iPhone's USB-C port can be exploited to install malware and steal user data.

The death anniversary of Hung Vuong's great monk in Phu Tho is a grand festival

|

Phu Tho - The Hung Temple historical relic site is being decorated with many colors from the cultural funds of 13 districts, cities and towns in the area.

Prime Minister directs Vinh Phuc to focus on arranging administrative boundaries

|

The Prime Minister requested Vinh Phuc province to focus on implementation, ensuring progress in streamlining the apparatus and arranging administrative boundaries according to the direction of the Central Government.

HCMC reviews criteria for rearranging 273 wards, communes and towns

|

HCMC - The Ho Chi Minh City Department of Home Affairs is coordinating with districts, towns and Thu Duc City to review the criteria to develop a draft to reorganize 273 commune-level administrative units.

Lam Dong reforms to become an attractive destination for investors

|

Lam Dong - The locality is committed to strongly reforming administrative procedures, aiming to make the province an attractive destination for investors.

Stock market capitalization evaporated over VND500,000 billion

|

The stock market had a sharp decline, erasing the price increase results in the previous 2 months.

The Ministry of Finance talks about the 46% tax rate

|

The representative of the Ministry of Finance assessed that the US imposing a 46% tax on Vietnamese goods will negatively affect exports, requiring appropriate policy responses.

Dry port project in Hoai Duc abandoned for many years

|

The ICD My Dinh dry port project in Hoai Duc, Hanoi has been approved for nearly 10 years but has not been completed. However, the project's land has shown signs of lease.

Security flaw discovered in iPhone's USB-C port

TRÍ MINH (THEO phonearena) |

Security holes in iPhone's USB-C port can be exploited to install malware and steal user data.

Tìm bị hại trong vụ lừa đảo bất động sản tại Hải Dương

Công Hòa |

Hải Dương - Công an tỉnh Hải Dương vừa bắt giữ đối tượng lừa đảo chiếm đoạt tài sản và đăng thông tin tìm kiếm các bị hại liên quan.

Cựu nhân viên ngân hàng lừa đảo chiếm đoạt tài sản

BẢO TRUNG |

Đắk Lắk - Với thủ đoạn đưa ra thông tin gian dối là làm hồ sơ đáo hạn ngân hàng, Phạm Kiều Hưng đã vay tiền của nhiều người rồi lừa đảo chiếm đoạt tài sản.