A warning was issued concerning hackers who specialise in phishing attacks that target users of 27 commercial banks and e-wallets. The Vietnam National Cyber Security Center (NCSC) has also predicted five prominent cyber-attack trends in 2021, including phishing attacks.
Monitoring systems recently discovered two IP server addresses used to place phishing websites. Since January 2021, 180 fake domain names have been found pointing to the two servers. The forged domain names assume the names of 27 banks in Vietnam and the most popular e-wallets as well as some domain names targeting social network users and gamers.
A list of IPs/ IP ranges marked as the source of spam e-mail distribution has been circulated and is periodically updated. Based on this list, organisations and individuals can prevent the spread of spam email.
As of October 1, 2020, a total of more than 1.15 million IP addresses have been blacklisted by the Department of Information Security for spam email distribution. In this latest update, more than 29,000 IP addresses were added to the blacklist.
Experts caution that cybercriminals are ramping up their operations, as the number of online transactions has increased on pre-Tet (Vietnamese New Year ) days.
One of the reasons for the warning has been the unforeseen spike in online activity since the Covid-19 pandemic. The almost-normal remote working / work-from-home routine has also increased the risk of cyber threats. Bad cyber actors have been looking to exploit the volume of information related to vaccines, government’s and organisations’ reactions and long-term e-trends of the pandemic to plan and mount phishing attacks.
With limited awareness of many users, the number of phishing attacks accounts for the largest proportion among three types of cyberattacks to information systems. The other two include Deface and Malware attacks in the last three years.
NCSC discovered 5,168 cyberattacks to information systems in Vietnam that caused incidents, including 1,778 phishing attacks. To avoid phishing attacks, experts have recommended users not to click abnormal links and thoroughly check the addresses of websites before entering passwords.
They also advised users to set OTP (one-time password) for email, bank and social network accounts, as well as equip their computers and smartphones with suitable security software to protect their devices.
Vietnam is taking its national cyber resilience and its safe digital landscape very seriously. OpenGov Asia had reported on Vietnam’s major cybersecurity initiatives over the last year. All government organisations have implemented the Security Operation Centre (SOC) and have technical connections with the National Counterintelligence and Security Centre.
Decree 91/2020 issued by the Prime Minister on combating spam messages, spam email and spam calls stipulate that the building and regular updating of the black-list of IP addresses that distribute spam emails is the task of the Information Security Administration and telecommunications and Internet service providers.
According to Decree 91/2020, advertisers are only allowed to send text messages, emails or make phone calls to users with prior consent for receiving advertisements. Advertisers are also not allowed to send more than 3 emails to one email address within 24 hours unless having an agreement with the user. Advertising e-mails must be labelled with information about advertisers, service charges, appropriate topics, and advertising contents must comply with the provisions of the law on advertising.
In case of violating regulations on advertising, spammers may be prevented and their e-addresses used to distribute telecommunications spam may be banned at the request of competent state agencies.
Previously, the Ministry of Information and Communications took strong measures to handle spam messages and calls. In the last 6 months of 2020, network operators prevented a total of 89,649 subscribers from spreading spam calls.