Lenders reinforcing cyber defences

Lenders reinforcing cyber defences. Photo: freepik.com

Vietnam Export-Import Commercial Joint Stock Bank (Eximbank) has just warned of a few new tricks from criminals to steal money from customers’ accounts.

In a specific case, fraudsters send messages to customers stating that “Eximbank updated its banking software, and your Eximbank account has been deactivated.”

Links are then attached to these messages that lead to fake websites, which are created and controlled by the fraudsters.

“These fake websites feature a similar interface to Eximbank’s own website, so customers can be easily tricked into logging in. Without notice, customers would provide their personal information like accounts and passwords. That’s when cybercriminals break into their real accounts,” an Eximbank representative cautioned.

With the fraudulent website logins, scammers reach for one-time passwords (OTPs) – a security feature to verify a user’s identity for online transactions. They would use them to access the victim’s real accounts and transfer money out to another account or use the funds within the account for online purchases.

The latest cybercrime-related case is one of Sacombank’s customers, who had her account activated on an alleged Sacombank website which turned out to be fake. According to local media, the female customer lost VND38 million ($1,652) within a few minutes.

A few months ago, Tran Viet Luan from Ho Chi Minh City lost VND406 million ($17,650) when logging into his Vietcombank’s account, while the money was transferred to a beneficiary at MSB and SeABank. Luan’s incident was allegedly linked to an OTP attack, with the same old trick.

Last year, a large sum of money was illegally usurped by hackers through a network attack on banks that targeted OTPs for user transactions. The major way of cyber criminals is to trick users into installing malware, particularly spyware, on their mobile phones in order to steal OTP messages and proceed with illegal transactions.

Nguyen Van Giang, deputy director of the Department of Cyber Security and High-tech Crime Prevention and Control under the Ministry of Public Security, noted there were around 4,000 cases related to cybersecurity attacks, leading to a total loss of about VND100 billion ($4.35 million) last year.

Experts predicted that, in 2021, financial institutions such as banks, payment intermediaries, and e-wallets in Vietnam will continue to be prime targets of cybercriminals.

Ngo Tuan Anh, vice president in charge of cybersecurity from security solutions developer Bkav Vietnam said, “Nowadays, there are many cases where hackers exploit the weaknesses of fintech and banks. Fraud attacks regarding bank accounts are predicted to increase unpredictably in 2021, especially as digitally-led financial services lure more attention from customers in the face of Industry 4.0.”

Nguyen Son Hai, director of Viettel Cyber Security, revealed that 90 per cent of cyberattack alerts are linked to finance and banking, emphasising the immense threats of a relatively weak security infrastructure in Vietnamese fintech and banks.

Furthermore, market watchdogs cautioned that instead of targeting consumers directly, hackers now could attack software manufacturers. Once victims download or update such software, the malware is activated and hackers can easily break into the protected systems.

A report conducted by consultancy PwC showed that 96 per cent of executives have shifted their cybersecurity strategy due to the COVID-19 pandemic, while 55 per cent of respondents lack confidence that their cyber spending is allocated towards the most significant risks.

Getting the most value for every US dollar spent on cybersecurity becomes more critical as organisations digitalise. More than half of organisations (55 per cent), state that their cyber budget will be increasing in 2021.

Pho Duc Giang, director of PwC Vietnam Cybersecurity, commented, “We have seen increased investments in cybersecurity in terms of technical solutions, managed services, and human resources in Vietnam. However, few companies are operating cyber risk assessments in practical ways, and local leaders need more sufficient business information to raise confidence in budget estimation and decision-making.”

Do Quy Vu, deputy director of the National Institute of Information and Communication Strategy under the Ministry of Information and Communications, told VIR that the country boasts prime advantages in developing digitally-led financial services with e-commerce growth estimated at 30 per cent annually.

Le Anh Dung, deputy director of the Payment Department under the State Bank of Vietnam also said that 95 per cent of credit institutions are embarking on their digital transformation journey.

“But this process is facing many challenges. For example, the incomplete legal framework has become a bottleneck in the process, specifically with regards to electronic transactions, the authentication of e-signatures, and digital contracts in banking transactions,” Dung said.