Phishing attack at its ultimate form in Asia

Here is a poster in Vietnam that every building has to display to warn citizens about online scammers. Scammers are now tech- and government-powered criminals, well funded and well organized!

The poster above lists popular tricks that scammers have used for a decade and that have caused extreme financial damage to citizens. Below is a summary of what happened, with existing solutions at the end of this post.

Impersonate bankers

Scammers pretend to be bank employees, using forged caller IDs or fake emails to convince victims that their accounts have problems or suspicious activity. They pressure people to provide OTPs, passwords, or transfer money to “secure accounts,” exploiting the victim’s fear of losing funds.

Love trap on social networks

Criminals create fake profiles on Facebook, Zalo, or dating apps, using attractive photos and sweet messages to build emotional bonds. After gaining trust, they fabricate emergencies, travel problems, or gifts stuck at customs and ask the victim to send money to “help.”

Impersonate telecommunication officer

Fraudsters pose as telecom staff claiming your SIM will be locked, your number is involved in illegal activity, or you must update customer information. They then guide victims to provide ID details or install malicious apps that allow remote control of the phone.

Fake SIM 4G upgrade

Scammers contact victims saying their SIM card needs to be upgraded to 4G/5G and ask for OTP verification. When the victim shares the OTP, the scammer hijacks the phone number, enabling them to reset banking passwords and steal funds.

Recruit Partner

These scams offer “partnership” opportunities with fake companies or online stores. Victims are promised high profits or commissions, but after investing money, they cannot withdraw earnings, or the scammers disappear entirely.

Impersonate Social Insurance

Scammers claim to be from the social insurance authority, saying the victim has unpaid contributions, benefits problems, or involvement in illegal records. They create panic and manipulate victims into sharing personal data or making payments.

Impersonate charity

Fraudsters pose as charity organizations, exploiting compassion by collecting “donations” for fake causes such as medical emergencies, disaster relief, or orphan support. The collected money goes directly to the scammers’ accounts.

Gambling

Many scams involve illegal online betting sites. Victims are lured with promises of guaranteed wins or insider tips. After depositing money, the site manipulates the results or locks the account, making withdrawal impossible.

Impersonate Financial Organization

Scammers pretend to be from loan companies or investment firms, offering high returns or easy loan approval. They require “processing fees,” “insurance,” or initial deposits—after receiving the money, they vanish.

Forced loan

Victims receive a transfer of money from strangers. The strangers then call and say that the money was borrowed from black-credit firms, and threaten that if the victims do not pay, they may come and use force.

Fake Crypto Trading Platform

Fraudulent crypto apps or websites show manipulated profit charts to convince victims they are earning money. When victims deposit larger amounts, withdrawals are blocked, and the platform disappears.

Recruit house cleaner

Scammers post fake job ads for housekeeping, offering high salaries. Applicants are then asked to pay “training fees,” “uniform fees,” or deposits for tools. Once paid, the job offer is withdrawn and the scammer disappears.

Buy / sell on digital platforms

In online marketplaces, scammers sell products they never deliver, or buy goods and send fake payment receipts. Some also lure victims into sending deposits to “hold” an item, then immediately block them.

Missions via strange apps

Victims are assigned “simple online tasks” such as liking posts or rating products, with small initial payouts. Later, the tasks require larger deposits to continue earning, and once enough money is collected, the scammers cut off contact.

Clone Facebook account

Fraudsters impersonate the victim by cloning their Facebook account, asking friends and family to send emergency money or mobile card codes. Others use the hacked account to run ads or steal linked personal information.

Impersonate government officers

Scammers masquerade as police, prosecutors, or tax officials, claiming the victim is involved in money laundering, tax evasion, or criminal cases. They use intimidation to force victims into transferring money to “verify” or “clear” their records.

Fake jackpot / gift

Victims receive messages claiming they’ve won a prize, iPhone, or overseas gift package. To claim it, they must pay customs fees or taxes. After sending the money, the supposed prize never arrives.

Terrorism via phone calls

Some scammers make threatening calls pretending to be criminals or debt collectors. They use fear—claiming harm, kidnapping, or legal consequences—to force victims to transfer money quickly without thinking.

Impersonate law firms

Scammers pose as lawyers claiming there is a lawsuit, unpaid debt, or urgent legal issue. They pressure victims to pay consulting fees or settlement amounts immediately to avoid prosecution.


Terribly, this is still going on, at least at the time of this post, despite many efforts by the police of Vietnam, Korea, Singapore, and others. Because it is backed by some other governments, it is really hard to eliminate them all.

Well-organized criminal networks

Scam centers in Cambodia are hard to destroy because they are often backed by well-organized criminal networks that operate across multiple countries. These groups have resources, connections, and the ability to relocate quickly when law enforcement pressure increases. Their cross-border structure makes it difficult for any single government to completely shut them down.

Corruption & weak enforcement

Another reason is the presence of corruption and weak enforcement in certain regions. Some scam compounds operate in areas where local authorities have limited oversight or where bribery and influence allow criminals to continue operating with minimal interference. Even when raids happen, the networks frequently rebuild in nearby locations or migrate to neighboring countries.

Many scam centers also hide behind the facade of legal businesses, such as casinos, entertainment centers, or investment companies. These fronts make investigations more complicated because law-enforcement agencies need strong evidence before taking action. Criminals exploit this ambiguity to stay operational for long periods.

Human trafficking victims

Additionally, these scam operations rely on a steady supply of human trafficking victims brought in from various countries. Victims are forced to work under threats, making the operations difficult to expose. Because the workers are often imprisoned and isolated, reliable information rarely reaches the outside world, slowing down international rescue efforts.

High profitability and Low traceability

Finally, global factors contribute to their persistence. The rapid rise of online scams, cryptocurrency, and digital anonymity provides scam centers with high profitability and low traceability. As long as these operations generate massive revenue with relatively low risk, shutting them down completely requires coordinated international action—something that remains complex and slow.


Solutions

So it looks like citizens have to protect themselves before governments get things done.

Below are some protection tactics that can be observed in Vietnam.

Community-based reporting website

chongluadao.vn

Chongluadao.vn is a Vietnamese cybersecurity initiative that maintains a large database of verified scam websites, phishing pages, and fake online services. It allows users to check whether a link is safe and relies heavily on community submissions to keep its blacklist updated. It focuses on suspicious URLs and websites. Users can search past reports to find out whether a page is a scam.

trangtrang.com

TrangTrang.com is another platform supporting community reporting of suspicious phone numbers. It focuses on gathering public complaints about calls. Users can search past reports before picking up a call, helping them avoid risks.

Firewalls on smartphone

Smartphone firewalls can act as a digital shield that monitors network traffic to detect and block malicious connections. Unlike antivirus software that only reacts after threats appear, firewalls proactively prevent dangerous apps or websites from communicating with scam servers. They help stop phishing pages, data exfiltration, and suspicious background activities. This makes them especially useful in preventing scams delivered through fake apps or hidden links.

SafePhone (Firewall for smartphone)

SafePhone is a specialized mobile firewall designed to filter both internet traffic and incoming call threats. It can block incoming calls from known scam numbers. It can also prevent users from opening scam websites when they tap URLs in messengers. By putting blacklists right on the user's smartphone, it helps users defend against risks more seamlessly, without frequently looking things up on other websites.
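The on-device blacklist check described above, shown as an added example (not SafePhone's or chongluadao.vn's own code). The list entries, the function names and the Vietnamese caller-ID normalisation rules are assumptions made for illustration.

```python
import re
from typing import Optional
from urllib.parse import urlsplit

# Constructed sample entries; a real list would come from community reports.
BLOCKED_DOMAINS = {"secure-bank-verify.example", "sim-upgrade.example"}
BLOCKED_NUMBERS = {"+84901234567"}


def normalize_host(url: str) -> Optional[str]:
    """Return the lowercase ASCII (punycode) hostname of a link, or None."""
    if not re.match(r"^[A-Za-z][A-Za-z0-9+.-]*://", url):
        url = "http://" + url  # links pasted in chats often lack a scheme
    try:
        host = urlsplit(url).hostname  # drops any user@ part and the port
        if not host:
            return None
        return host.rstrip(".").encode("idna").decode("ascii").lower()
    except (ValueError, UnicodeError):
        return None


def is_blocked_url(url: str) -> bool:
    """True if the host or any of its parent domains is on the list."""
    host = normalize_host(url)
    if host is None:
        return False
    labels = host.split(".")
    # Compare whole labels only, so "notsim-upgrade.example" does not match.
    return any(".".join(labels[i:]) in BLOCKED_DOMAINS
               for i in range(len(labels)))


def normalize_vn_number(raw: str) -> str:
    """Map common spellings of a Vietnamese caller ID to the +84 form."""
    digits = re.sub(r"\D", "", raw)
    if raw.strip().startswith(("+", "(+")):
        return "+" + digits
    if digits.startswith("00"):
        return "+" + digits[2:]    # 0084... international prefix
    if digits.startswith("0"):
        return "+84" + digits[1:]  # domestic trunk prefix
    return "+" + digits            # assumed to already carry the country code


def is_blocked_number(raw: str) -> bool:
    """True if the caller ID, in any of the spellings above, is on the list."""
    return normalize_vn_number(raw) in BLOCKED_NUMBERS
```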

Browser Extensions

Browser extensions can add an additional security layer directly inside the user’s web browser. They can warn about dangerous websites before loading, block trackers, stop pop-ups, and identify phishing attempts. Extensions with anti-scam features check every website against a global blacklist and use heuristics to detect fake login pages or fraudulent shopping sites. This type of protection is crucial because most scams start with a single click on a malicious link.

chongluadao.vn

Chongluadao.vn offers a browser extension that automatically warns users whenever they visit a suspicious or reported scam site.

SafePhone

SafePhone includes a feature called SafeBrowser. SafeBrowser is a secure browsing mode inside the SafePhone ecosystem. It routes traffic through SafePhone’s protection filters, blocking malicious domains and preventing users from accidentally accessing scam websites. This controlled environment is especially useful for elderly users, children, or anyone who prefers a safe but still simple browsing experience.


Security incident 2023 …

News gets old and lessons are usually forgotten. Below are some incidents that happened on the cyber battlefield, to give a feel for 2023, a dramatic year.

| Company | Domain | Breached Data | Money | Attack vector |
|---|---|---|---|---|
| iRent | car rental | millions of partial credit card numbers; at least 100,000 customer identification documents | N/A | the database has no password |
| Yes Madam | Salon platform | customers’ location data; user device details; IMEI numbers of ~900,000 users | N/A | the database has no password |
| PeopleGrove | social platform for higher education institutions and alumni networks | gigabytes of personal information: email addresses, phone numbers, addresses, details of university achievements and scores, and resumes containing detailed work histories and employment details | N/A | the database has no password |
| Proskauer Rose | international law | private and privileged financial and legal documents, contracts, non-disclosure agreements, financial deals and files relating to high-profile acquisitions. | N/A | misconfiguration |
| AvidXchange | automate invoice processing and payment management processes | employee payroll information; corporate bank account numbers. | N/A | easily guessable passwords |
| Toyota | Manufacture | data of 2 millions customers | N/A | misconfiguration |
| Ferrari | Supercar Manufacturer | 7GB of documents, data sheets and repair manuals. | N/A | Ransomware |
| LogicMonitor | network security | data of a small number customers | N/A | use of default password |
| Microsoft | AI | accidentally exposed tens of terabytes of sensitive data, including private keys and passwords | N/A | publishing a storage bucket of open source training data on GitHub. |
| Tesla | | 75,000 company employees personal information | N/A | two former employees leaked |
| Microsoft | Email | a key that allowed to stealthily break into dozens of email inboxes, including those belonging to several federal government agencies. | N/A | Unknown |
| Crema Finance | Crypto | | $9 million in cryptocurrency | ethical hacker turning rogue |
| Taiwan Semiconductor Manufacturing | ChipMaker | | $70 million ransom demand | Leaked setup information |
| Reddit | Social Network | 80+ gigabytes of compressed data | N/A | “highly-targeted” phishing attack |
| T-Mobile | Telecom | personal data belonging to 37+ million customers. | N/A | social engineering + SIM swap |
| Twitter | Social Network | 400+ million email addresses and phone numbers | N/A | a security bug |
| MailChimp | Email | 400+ accounts mostly of cryptocurrency and finance-related accounts | N/A | social engineering |
| Okta | Identity | 134 organizations data | N/A | stolen credentials |
| Truepill | Pharmacy Fulfillment | 2.3+ million patients personal data | N/A | poor security design |
| Perry Johnson & Associates | Healthcare | ~9 million patients data | N/A | Unknown |
| Intellihartx | Patient payment | half a million people’s personal and health information | N/A | MOVEit (1) |
| PharMerica | Pharmacy | 5.8 million personal information | N/A | MOVEit (1) |
| HCA Healthcare | healthcare | 11 million patients’ data | N/A | Unknown |
| Enzo Biochem | biotechnology | 2.5 million patients’s clinical test information | N/A | Ransomware (2) |
| Managed Care of North America | Dental | 8.9 million clients data | N/A | Unknown |
| NextGen Healthcare | electronic health record software | 1.05 million patients personal data | N/A | Ransomware (2) |
| Illumina | DNA sequencing devices | Can alter test result in devices | N/A | CVE-2023-1968 |
| Maternal & Family Health Services | Healthcare | 461,070 personal data of patients, employees and vendors | N/A | Unknown |
| 23AndMe | Genetic testing | 6.9 million user data records | N/A | Unknown |
| Welltok | Patient Engagement | 8 million personal data | N/A | MOVEit (1) |
| McLaren Health Care | Healthcare | 2.2 million patients sensitive personal and health information | N/A | Ransomware (2) |
| Performance Health Technology | Data Management Services | 1.7 million Oregon citizens health information | N/A | MOVEit (1) |
| Colorado Department of Health Care Policy and Financing | Healthcare | 4 million patients data | N/A | MOVEit (1) |
| HCA Healthcare | Healthcare | 11 million patients’ data | N/A | Unknown |
| Sabre | Travel booking | 1.3 terabytes of data on ticket sales, passenger turnover, employees’ personal data, corporate financial information. | N/A | Ransomware (2) |
| See Tickets | Global Ticketing | customers’ credit card information | N/A | Credit Card Skimming Malware |
| MGM Resorts | Hotel & Casino | unspecified amount of customers’ personal information; ATM shut down; Website offline | ~ $100 million | Ransomware |
| Caesars Entertainment | Hotel & Casino | N/A | $30 million demanded | Ransomware |
| Motel One | Hotel | 50 credit cards data | N/A | Ransomware |
| Radisson | Hotel | N/A | N/A | Ransomware |
| Fidelity National Financial | real estate services | virtually froze all the company and its subsidiaries’ activities | N/A | Unknown |
| Mr. Cooper | mortgage and loan | unknown amount of ~4 million users | N/A | Unknown |
| 1st Source Bank | Bank | N/A | N/A | MOVEit |
| Hatch Bank | fintech infrastructure | 140,000 customers SSN | N/A | CVE-2023-0669 |
| Flutterwave | Startup | N/A | lost ~$4.2 million in the accounts | Unknown |
| Euler Finance | Finance | N/A | ~ $197 million in crypto theft; 1.3M USD gone | “in a flurry of transactions” (3) |
| AT&T email addresses. | Mail | customers account compromised | $15 – $20 million crypto stolen. | Unknown |
| Mixin | Crypto | N/A | ~ $200 million stolen | Unknown |
| Mom’s Meals | Food | 1.2+ million individuals data | N/A | Ransomware |
| NationBenefits | supplementary benefits | 7,100+ residents personal data | N/A | Ransomware |
| Yum Brands | fast-food chains | ~ 300 UK restaurants data | N/A | Unknown |
| Forever 21 | Clothing | 500.000+ individuals data | N/A | Ransomware |
| Byju | edtech | N/A | N/A | misconfiguration |
| Electoral Commission | overseeing elections | ~ 40 million U.K. voters data | N/A | “complex cyberattack.” |
| Ofcom | | 412 employees data | N/A | MOVEit |
| JumpCloud | Access management | a “small and specific” set of customers. | N/A | Unknown |
| Shell | Oil | terabyte of logging data | N/A | MOVEit |
| Dish | satellite television | 300,000 personal information | N/A | Unknown |
| SchoolDude | order management system | 3M SchoolDude user accounts | N/A | Unknown |
| Atlassian | SaaS | N/A | N/A | CVE-2023-22515 |
| Shadow | Game | 530,000 customers data | N/A | advanced social engineering |
| CCleaner | Tools | 2% users | N/A | MOVEit |
| Boeing | Aerospace | N/A | N/A | Ransomware |
| National Aerospace Laboratories | Aerospace | eight purportedly stolen documents ( confidential letters, an employee’s passport internal documents) | N/A | Ransomware |
| Zhefengle | e-commerce | millions of Chinese citizen identity numbers from 3.3 million orders | N/A | Unknown |
| A network of knockoff apparel stores | Store | 330,000 credit card numbers, cardholder names, and full billing addresses | N/A | Unknown |
| ODIN Intelligence | Applications for polices | Leaked files reveal tactical plans for police raids, surveillance and facial recognition | N/A | Unknown |
| LastPass | Password manager | customers’ encrypted password vaults | N/A | Unknown |
| British Library | Library | website offline; ~490,000 user data | N/A | Ransomware |
2023 security incidents sample