NCB ISSUES WARNING ON FRAUDULENT SCHEME OF BANK ACCOUNT TAKEOVER VIA SIM SWAP

According to alerts from information security monitoring agencies, a phishing campaign is currently targeting telecommunications users in Vietnam. Malicious actors exploit loopholes in SIM replacement (SIM Swap) procedures at certain telecom service points to take control of victims’ phone numbers, thereby conducting financial fraud.

I. Common attack methods

The perpetrators typically follow these steps:

1. Collect personal information

Collect data such as full name, phone number, Citizen Identity Card number, and banking information of victims through various sources.

2. Request SIM replacement (SIM Swap)

Exploit telecom service points or agents with inadequate verification processes to request a replacement SIM for the victim’s phone number.

3. Take control of SMS/OTP reception

Once the new SIM is activated, the victim’s original SIM will lose signal. From that point, the perpetrators can receive calls and SMS messages, including OTP codes.

4. Attempt to access bank accounts

The perpetrators may use password reset features or SMS OTP-based authentication methods to attempt login to bank accounts.

5. Conduct unauthorized fund transfers

If a bank’s security system relies solely on SMS OTP, perpetrators may exploit this to perform fraudulent transactions.

II. Assessment at NCB

NCB has reviewed its security systems and affirms that customers’ accounts cannot be compromised solely through SIM Swap methods.

Specifically, when logging in or activating the application on a new device, NCB’s system requires multiple layers of authentication simultaneously, including:

* OTP authentication sent via SMS

* eKYC authentication

* Chip-based Citizen Identity Card (tap chip) authentication

Therefore, even if perpetrators gain control of SMS OTP through SIM replacement, they still cannot complete the login or new device activation process without the customer’s chip-based Citizen Identity Card.

III. Recommendations for customers

To ensure maximum security, NCB recommends that Customers:

* Do not provide OTPs, passwords, personal information, or Citizen Identity Card details to anyone.

* Immediately contact the telecom service provider if abnormal signal loss is detected.

* Immediately contact NCB if any unusual signs related to bank accounts are detected.

* Do not install applications from unknown sources or access suspicious links.

IV. NCB’s commitment

NCB continuously monitors fraud risks and regularly upgrades its security systems to ensure maximum protection of customers’ assets and information.

For any suspected fraud or assistance, Customers are kindly requested to contact NCB Customer Service Center (24/7 hotline): 1800 6166 – 028 38216 216 for timely support.

Sincerely appreciated.