Category: Beginner

Can be consumed by developers at beginner state

Phishing attack at its ultimate form in Asia

Here is a poster in Vietnam that every buildings have to place to warn citizen about online scammer. Scammers now are tech + government powered criminals, well funded and well-organized !

Above poster lists popular tricks that have been used by scammer for decade and caused extreme financial damage to citizen. Below is a summary on what happened and existing solutions at the end of this post

Impersonate bankers

Scammers pretend to be bank employees, using forged caller IDs or fake emails to convince victims that their accounts have problems or suspicious activity. They pressure people to provide OTPs, passwords, or transfer money to “secure accounts,” exploiting the victim’s fear of losing funds.

Love trap on social networks

Criminals create fake profiles on Facebook, Zalo, or dating apps, using attractive photos and sweet messages to build emotional bonds. After gaining trust, they fabricate emergencies, travel problems, or gifts stuck at customs and ask the victim to send money to “help.”

Impersonate telecommunication officer

Fraudsters pose as telecom staff claiming your SIM will be locked, your number is involved in illegal activity, or you must update customer information. They then guide victims to provide ID details or install malicious apps that allow remote control of the phone.

Fake Sim 4G upgrade

Scammers contact victims saying their SIM card needs to be upgraded to 4G/5G and ask for OTP verification. When the victim shares the OTP, the scammer hijacks the phone number, enabling them to reset banking passwords and steal funds.

Recruit Partner

These scams offer “partnership” opportunities with fake companies or online stores. Victims are promised high profits or commissions, but after investing money, they cannot withdraw earnings, or the scammers disappear entirely.

Impersonate Social Insurance

Scammers claim to be from the social insurance authority, saying the victim has unpaid contributions, benefits problems, or involvement in illegal records. They create panic and manipulate victims into sharing personal data or making payments.

Impersonate charity

Fraudsters pose as charity organizations, exploiting compassion by collecting “donations” for fake causes such as medical emergencies, disaster relief, or orphan support. The collected money goes directly to the scammers’ accounts.

Gambling

Many scams involve illegal online betting sites. Victims are lured with promises of guaranteed wins or insider tips. After depositing money, the site manipulates the results or locks the account, making withdrawal impossible.

Impersonate Financial Organization

Scammers pretend to be from loan companies or investment firms, offering high returns or easy loan approval. They require “processing fees,” “insurance,” or initial deposits—after receiving the money, they vanish.

Forced loan

Victims is transferred an amount of money from strangers. Then strangers call them and tell that it is borrowed from black credit firms, and threaten that if they do not pay, they can come with force.

Fake Crypto Trading Platform

Fraudulent crypto apps or websites show manipulated profit charts to convince victims they are earning money. When victims deposit larger amounts, withdrawals are blocked, and the platform disappears.

Recruit house cleaner

Scammers post fake job ads for housekeeping, offering high salaries. Applicants are then asked to pay “training fees,” “uniform fees,” or deposits for tools. Once paid, the job offer is withdrawn and the scammer disappears.

Buy / sell on digital platforms

In online marketplaces, scammers sell products they never deliver, or buy goods and send fake payment receipts. Some also lure victims into sending deposits to “hold” an item, then immediately block them.

Missions via strange apps

Victims are assigned “simple online tasks” such as liking posts or rating products, with small initial payouts. Later, the tasks require larger deposits to continue earning, and once enough money is collected, the scammers cut off contact.

Clone Facebook account

Fraudsters impersonate the victim by cloning their facebook account, asking friends and family to send emergency money or mobile card codes. Others use the hacked account to run ads or steal linked personal information.

Impersonate government officers

Scammers masquerade as police, prosecutors, or tax officials, claiming the victim is involved in money laundering, tax evasion, or criminal cases. They use intimidation to force victims into transferring money to “verify” or “clear” their records.

Fake jackpot / gift

Victims receive messages claiming they’ve won a prize, iPhone, or overseas gift package. To claim it, they must pay customs fees or taxes. After sending the money, the supposed prize never arrives.

Terrorism via phone calls

Some scammers make threatening calls pretending to be criminals or debt collectors. They use fear—claiming harm, kidnapping, or legal consequences—to force victims to transfer money quickly without thinking.

Impersonate law firms

Scammers pose as lawyers claiming there is a lawsuit, unpaid debt, or urgent legal issue. They pressure victims to pay consulting fees or settlement amounts immediately to avoid prosecution.

Terribly, this keeps going on, at least at the moment of this post, regardless many effort from Vietnam, Korea, Singapore, etc polices. Because it is backed by some other governments, it is really hard to eliminate them all.

Well-organized criminal networks

Scam centers in Cambodia are hard to destroy because they are often backed by well-organized criminal networks that operate across multiple countries. These groups have resources, connections, and the ability to relocate quickly when law enforcement pressure increases. Their cross-border structure makes it difficult for any single government to completely shut them down.

Corruption & weak enforcement

Another reason is the presence of corruption and weak enforcement in certain regions. Some scam compounds operate in areas where local authorities have limited oversight or where bribery and influence allow criminals to continue operating with minimal interference. Even when raids happen, the networks frequently rebuild in nearby locations or migrate to neighboring countries.

Many scam centers also hide behind the facade of legal businesses, such as casinos, entertainment centers, or investment companies. These fronts make investigations more complicated because law-enforcement agencies need strong evidence before taking action. Criminals exploit this ambiguity to stay operational for long periods.

Human trafficking victims

Additionally, these scam operations rely on a steady supply of human trafficking victims brought in from various countries. Victims are forced to work under threats, making the operations difficult to expose. Because the workers are often imprisoned and isolated, reliable information rarely reaches the outside world, slowing down international rescue efforts.

High profitability and Low traceability

Finally, global factors contribute to their persistence. The rapid rise of online scams, cryptocurrency, and digital anonymity provides scam centers with high profitability and low traceability. As long as these operations generate massive revenue with relatively low risk, shutting them down completely requires coordinated international action—something that remains complex and slow.

Solutions

So looks like that citizens have to protect themself before government get things done.

And below is some protection tactics that can be observed in Vietnam

Community-based reporting website

chongluadao.vn

Chongluadao.vn is a Vietnamese cybersecurity initiative that maintains a large database of verified scam websites, phishing pages, and fake online services. It allows users to check whether a link is safe and relies heavily on community submissions to keep its blacklist updated. It focuses on suspicious urls and websites. User can search for past reports to know whether a page is scam.

trangtrang.com

TrangTrang.com is another platform supporting community reporting of suspicious phone numbers. It focuses on gathering public complaints about calls. Users can search past reports before pick up a call, helping them avoid risks.

Firewalls on smartphone

Smartphone Firewalls can act as a digital shield that monitors network traffic to detect and block malicious connections. Unlike antivirus software that only reacts after threats appear, firewalls proactively prevent dangerous apps or websites from communicating with scam servers. They help stop phishing pages, data exfiltration, and suspicious background activities. This makes them especially useful in preventing scams delivered through fake apps or hidden links.

SafePhone (Firewall for smartphone)

SafePhone is a specialized mobile firewall designed to filter both internet traffic and incoming call threats. It can block incoming calls from known scam numbers. It also can prevent users to access scam websites when tapping urls on messengers. By putting blacklists right on user’s smartphone, it helps users defend against risks more seamlessly without frequently looking up on other websites.

Browser Extensions

Browser extensions can add an additional security layer directly inside the user’s web browser. They can warn about dangerous websites before loading, block trackers, stop pop-ups, and identify phishing attempts. Extensions with anti-scam features check every website against a global blacklist and use heuristics to detect fake login pages or fraudulent shopping sites. This type of protection is crucial because most scams start with a single click on a malicious link.

chongluadao.vn

Chongluadao.vn offers a browser extension that automatically warns users whenever they visit a suspicious or reported scam site.

SafePhone

SafePhone includes a feature called SafeBrowser. SafeBrowser is a secure browsing mode inside the SafePhone ecosystem. It routes traffic through SafePhone’s protection filters, blocking malicious domains and preventing users from accidentally accessing scam websites. This controlled environment is especially useful for elderly users, children, or anyone who prefers a safe but still simple browsing experience.

Software developer pathways

Target audience : People with intent to be a software developer

Let’s skip the part of reasons and motivations that make you decide to be a developer, it’s maybe your interesting, or it’s just about money, or the life just pushes you to, etc , this post is to give you some guideline to go on this road.

Developers is likely heroes in games you play. What skill that hero should have, how to level up, which criteria to put points to after level up, which bosses to defeat and the most important thing is whether you understand the story behind the game you are playing, to enjoy it !

Let’s start with the story of developer

Software Developer world map

Developers, software developers is to create applications to solve real life problems to serve human need. Finding the need is a difficult task too and it deserves to discuss in another post.

There are many kind of applications. Names of application kinds depends on where it run and how it run. It is up to you to choose to follow one or many.

  • Desktop application : Applications that run on computer / laptop with UI for user to interact with
  • Web application : Applications that put in a server and you access by using web browsers. There is 2 parts of a Web application called Client side & Server side. Technology used in each side is different too.
  • Mobile application : Applications that run on mobile phones, now include Android & iOS
  • iOT application : Applications that run on multiple devices connected to each others in some network model

Imagine this is hero class selecting phase of the game you gonna play. Let thanks god because you don’t have to name your character :)). But each kind of application requires you to use appropriate tool sets.

There is another kind of define developer class when model client-server application model is dominant nowaday, it is :

  • Front-end developer : Is ones who take care of Graphical User Interface (GUI) for user to interact with. It includes Desktop Application, Mobile Application and the client side of Web Application
  • Back-end developer : Is ones who take care of something like system architecture, database, etc, things that are not visible to normal users.

To create any application, you are required to know

  • A programing language for your kind of application
  • A Integration Development Environment (IDE)
  • A framework or libraries for your kind of application
  • A database for your kind of application
  • A package management tool for your kind of application
  • Know how to deploy/release your kind of application
  • Know how to test your applications

Languages

Programing language is your weapon. It will determine which kind of application you can make. Below is the most popular languages at the moment of this post

  • Java : well-known as a cross platform language, Java can be used to create desktop application, server-side of web applications, Android applications
  • C# : for Desktop applications on Window
  • Javascript, HTML, CSS : This combo is essential for client-side of web application
  • Python : good for build tools but also good to build Web application
  • NodeJS : built upon Javascript, well-known for server-side of web application
  • Kotlin : well-known for Android development and as a replacement for Java in mobile world
  • Object-C, Swift : well-known for iOS development
  • PHP : well-known for decades in web application development

A lot of languages right ! Everyone wonders which is better than others. The answer is none. Each language has its own benefits and use cases that we will discuss later. And nowaday, it is very normal that a developer can use more than 1 language.

IDE

IDE is the software built for developers, to make their life easier when dealing with common problems while writing code:

  • Remember syntaxes
  • Remember boilerplate codes
  • Command lines
  • Compile code, debug & run
  • Setup environment
  • Search usages of a function or varible
  • Search a piece of code / text among a bunch of files in a project
  • Organize project
  • Format your code for readability
  • ….

The most of IDE provide features like code suggestion or auto complete to that help you type faster and more correct and more readable, to avoid most of typo mistakes. They also have excellent text searching feature that really helpful for troubleshooting problems with your code. Some advance IDEs even can suggest you what need to do and what to do next in what you are doing. And debugging support, this one will save you a lot of time – sometime you have no idea what you are writing, trust me :)), debugging is the only way to figure out. Below is the most advances IDEs currently :

  • IntelliJ : the best at my point of view, but it is not free. But you may find some crack somewhere :))
  • NetBean : Free, very equal to IntelliJ
  • Visual Studio : Free, most popular IDE, usually used in academic courses
  • Android Studio : Dedicated for Android developing
  • XCode : Dedicated for iOS developing

Learning to use a IDE may take time too but it is worthy. It helps you more efficient and look professional too.

Framework / Libraries

Language is weapon but know how to use weapon deadly is matter too. Imagine it is likely that why you need to learn kung-fu while you have arms & legs already. Framework is built by top level developers and it is embedded with programing experience in decades. It provides ready to use structural solutions in for very common programing problems , kinda of best practices. A little different from framework, Library is a set of tools that help you solve programing problems but not strict in a predefine structure like a framework, you are the one who are responsible for that structure. Below is some most popular nowaday framework/ libraries. The popularity here depends on the demand on job market : (the order is no meaning)

  • JavaFX : built from Java, for Desktop application
  • .NET : built from C# ,well-known good to build Desktop application, but it also can build Mobile Application, Web Application and iOT application too.
  • Spring : built from Java, for server-side of Web application
  • ExpressJS : built from NodeJS, for server-side of Web application
  • ReactJS, AngularJS, VueJS : built from Javascript, for client-side of Web application
  • Android Studio itself contains a framework to develop Android application
  • XCode itself contains a framework to develop iOS application
  • Laravel : built from PHP, for Web application
  • Django : built from Python, for Web application

Database

Database to store data. Depend on your purpose , it can be the most advanced storing technology or just simple files.

Below is some popular database technologies to learn about database for Web application:

  • SQL : Typical relational database.
    Relational database means it requires data to be stored in a structural way, with clear relationships between them. SQL offers a strong transactional query (that we will learn later) that ensure consistency of data.
    – SQL is a good candidate for applications that dignify the data consistency over other features ( like banking system, accounting system for example ).
  • MongoDB : Typical Non-relational database (NoSQL), easy to scale but requires extra setup effort.
    – MongoDB can be a great choice if you need scalability and caching for real-time analytics; however, it is not built for transactional data.
    – MongoDB is frequently used for mobile apps, content management, real-time analytics, and applications involving the Internet of Things. If you have a situation where you have no clear schema definition, MongoDB can be a good choice.
  • PostgreSQL : like SQL but more advanced with additional features.
  • Couchbase : NoSQL type, with Sync Gateway allowing to synchronize data between server and client side seamlessly. If you need an application with realtime data update, Couchbase can be a good choice
  • Cassandra : NoSQL type, support scaling out-of-the-box. If you need a database that is easy to setup and maintain regardless of how much your database grows, Cassandra can be a good option. If you work in an industry where you need rapid growth of your database, Cassandra offers easier rapid growth than MongoDB.

Databases for Web application are usually hosted in dedicated server for best performance to serve from hundreds to millions requests per minute

Different from Web application databases, Client side applications like Desktop application or Mobile application require more lightweight solutions to store data locally. Data that client side applications store usually are application settings, user preferences, static data, cache data from remote database (if it has a server side), etc

  • SQLite : SQL type
  • Realm : NoSQL type and faster than SQLite in common operations
  • Couchbase Lite : a counter part with Couchbase database in server side, with builtin sync features

Thanks to community , each language today has it own libraries to interact with databases. Unlike language, you should know more than 1 type of databases, at least 1 in SQL type and 1 in NoSQL type to feel different ways to solve a problem.

Package management tool

Building an application means solving a lot of problems. Thanks to community, the world of open source, most of problems are solved and packaged out there. When you build an application, you always need a few or a lot of them.

To manage the structure of the project and to bring more autonomous to application building process, each language usually has its own package manager tool(s) to :

  • Install/Update/Uninstall packages
  • Create a building cycle of the application for continuous development and integration
  • Manage project structure in consistent way but easy to expand too

Below is some Package management tools for each language :

  • For Java application : Maven
  • For Android application : Gradle
  • For Javascript application : NPM
  • For HTML & CSS : Bower
  • For PHP application : Composer
  • For Python application : pip
  • For C# : NuGet

Deploy/Release process

This is the critical phase of building an application. It is bring what you build to the real world, where people can access it, and use it. It depends on kind of application that we use term deploy or release. If you are building the server-side application, we use term deploy, because you are going to send your application to a server, to execute. And if you are building the client-side application , like Desktop app or Mobile app, we use term release.

  • Android & iOS applications have its own release processes that you can find in official documents of them. IDEs usually support application release process . Then you have to learn the process to uploading your applications to Play Store (for Android) and Apple store (for iOS)
  • Desktop application is easiest, the version you build while developing can be used as release version already. Your next work is to introduce it to your customer
  • Deployment process is more complicated. Because the server is mostly run on Linux OS nowaday, it is very recommended to learn how to operate a Linux OS, at least know how to connect to a remote Linux server via SSH & execute command lines when a tutorial asks you to do. More detail about Linux will be in another dedicated post. It depends on the language or the technology you choose that has a different deploy process. We will mention in another posts case by case.

Test your application

Last but not least, testing your application before delivering to the real world is an important phase that make sure you don’t disappointed people or lost customers.

The most basic technique of testing is manual test. Yes, you try your application in every cases and every ways can have to make sure it does not crash.

The more advanced technique is automation test, where you write code to simulate every use cases with your applications. This way is more professional, and more efficient, but also more skill to be required.

In automation test, there is a few sub kinds too. I name here only kinds I mostly use :

  • Unit test : is to test the correctness of functions or a set of functions.
  • Integration test : is to test the correctness in functioning of a group of components of your applications. In integration test, you have to simulate every actions in UI to interact with the application

To learn about automation test, below is some libraries for doing test in languages :

  • JUnit : Unit test library to test Java program
  • Chai & Mocha : Unit test library to test Javascript program
  • PHPUnit : Unit test to test PHP program
  • unittest : Unit test library to test Python program
  • Selenium : great tool to do integration test for Web application. It is a browser basically but controlled by developers
  • AutoIt, Appnium : great too to do integration test for Desktop application
  • Espresso : included in Android Studio, to do integration test for Android application
  • XCUITests : included in XCode, to fo integration test for iOS application

Wrap it up

You may concern that why iOT application is rarely mentioned in above lists. It is because iOT application includes many applications in many devices. Depends on what kind of device, you may choose yourself any tool above to develop. For example, You may have a phone to control electric circuit in your house, so you have to develop an Android application and a Java application on the device controlling the circuit, a Rasperri Pi for example.

To wrap it up, I note down below some popular skill sets currently for you upcoming hero to choose:

  • Web application in Java : Linux, Java, Servlet, Maven, JUnit, Selenium, ReactJS, HTML, CSS, PostgreSQL
  • Web application in Javascript : Linux, NodeJS, ExpressJS, NPM, Mocha, Chai, HTML, CSS, ReactJS, Selenium, MongoDB / Couchbase
  • Web application in PHP : Linux, PHP, Laravel, HTML, CSS, Javascript, PHPUnit, Selenium, SQL / PostgreSQL
  • Android application : Kotlin, Gradle, Expresso, Realm / Couchbase Lite
  • iOS application : Swift, XCUITest, Realm / Couchbase Lite

To proficient in any skillset is time consuming, it can take you years but don’t worry, most of companies don’t require you to master all of this before applying for a job unless you are applying for Senior position. Most of times, people master their skill via their job. So keep learning and learn in the right track