Technology experts “unmask” online scams and data theft

Before a series of incidents happened in the world and in Vietnam, technology experts have summarized the scams that users are most likely to fall into in the past time.

3 main groups, with 16 types of scams, all related to data breaches

Group 1 – Account hijacking: Hijacking social network accounts to send fraudulent messages; Fake relatives to call scams (can fake voice and image); Trick to transfer money to victim’s bank account to make loan interest payment; Trick victims to access/click high-interest black credit loans.

Group 2 – Forging brands: Impersonating reputable organizations’ brands to send fraudulent messages and emails; Fake official website to trick information, trick transactions… trick to install malicious code via links.

Group 3 – Combination: Impersonating authorities to make fraudulent phone calls; Calling the victim to pick up the phone, money will be deducted from the account; Create fake nick to cheat; Fake e-commerce floor, virtual currency floor… tricking into being a CTV, an investor…

These scams are used a lot via Internet Banking: Fake bank to cheat winning to get account, OTP code…; Impersonating the police to request account information for investigation or to request money to be transferred to a police savings account (fake) for proof; Impersonating a relative asking for money or borrowing money.

Personal data breaches in banking and finance

1. Disclosure of personal information

Intentionally distributing or sharing personal information with third parties without the consent of the customer

Accidentally disclosing personal information due to lack of regulatory compliance.

2. Data loss or leakage

Loss (deleted, encrypted) or leak of personal data due to cyber attack, snooping;

Data loss or leakage due to the use of unsecured storage devices

3. Misuse

Use personal information for purposes that are not authorized by the customer or do not comply with the law;

Intentional misuse by organizations or individuals; or due to lack of understanding, inadequate awareness of organizations and individuals;

4. Invasion of privacy

Unauthorized or unnecessary collection of personal information

Using unauthorized tracking or monitoring methods

5. Fraudulent transaction

Phishing to steal accounts, passwords, OTP codes

Credit card fraud or identity fraud

6. Improper management

Lack of specific rules, regulations and guidelines

Lack of supervision, inspection and sanctions to ensure enforcement.

What to do to ensure data security?

The number one weakness in data protection and information security is still people. Therefore, users – data subjects need to protect and preserve personal information, understanding that it is to protect themselves against risks in the network environment.

Users need to understand and exercise the data subject’s rights to his/her personal information;

Beware of fake links, emails, strange messages, websites filled with personal information, provide personal information only to trusted and really needed organizations;

Do not access, download files, provide personal information on websites of unknown origin;

Use strong passwords for all accounts, strong passwords (long enough, have a variety of characters, do not overlap across services, and change periodically);

Use multi-factor authentication if possible, 2-factor authentication including email, phone number, authenticator to generate OTP…

Do not log in your accounts on public devices, strange devices capable of attaching key loggers; beware of free wifi;

Install anti-virus software on computers and phones to avoid infection with malicious code;

Do not install applications, crack software, unknown origin;

Beware of online scams.