Scammers create websites, emails, messages exactly like reputable organizations (Banks, E-wallets) to lure victims into entering usernames, passwords and OTPs.
Send SMS/Email impersonating bank notifying: "Account locked", "Annual fee deducted", "Need re-verification".
Include a link in the message (e.g., vietcombank-verify.vip) asking to access to resolve.
Victim clicks link, sees interface exactly like real bank web, proceeds to login.
Scammer collects Username and Password victim just entered. Then asks for OTP.
With OTP, scammer logs into real account and transfers all money away.
"Phishing" Process
SMS, Email, Zalo
Send fake website link
Bank users
Access lost, money lost
Typical identifying signs
Domain not official (e.g., .vip, .top, .cc instead of .vn, .com.vn). Often misspelled or extra characters.
Notification account locked, money deducted, require immediate verification.
Website asks to enter all info including card PIN, OTP right on homepage.
Scam message can be in same thread with real bank messages (due to fake BTS station tactic).
One click can cost a fortune.
Fake Web
Click Rate
Fake SMS
Anyone using online banking services is a potential target.
TECHWhy scam messages appear in the same thread as real bank messages?
WARNINGCommon scare tactics scammers use to steal information.
GUIDETips to scrutinize links to distinguish real from fake before clicking.