Vietnam’s e-commerce overshadowed by VND500 million phishing case
A series of phishing attacks in which bank account owners lost billions of dong have cast a shadow on Vietnam’s e-commerce market, estimated to have total value of US$4 billion.
Under the e-commerce development plan in 2016-2020 approved by the Prime Minister, 50 percent of businesses would have websites by 2020, while 80 percent of businesses place or receive orders with e-commerce apps.
In the next four years, the B2C (business to customer) e-commerce revenue may reach $10 billion, while the value of online shopping would reach $350 per head, double the amount in 2015.
E-commerce with non-cash payments is the goal of the government.
However, the incidents which occurred in recent months have made people anxious.
Just within one month, phishing attacks occurred, including one to Vietnam Airlines, with information about 400,000 loyal clients of the nation’s flag air carrier, and incidents related to Vietcombank’s card holders.
Hackers appropriated VND200 million from the account of Hoang Thi Na Huong, a Vietcombank client, while they attempted to withdraw VND500 million.
Two other Vietcombank clients reported the loss of money just days later. Vu Thanh Phuong in HCM City reported that he lost VND17 million from transactions that he did not make.
Meanwhile, Quynh Nga in Bien Hoa City of Dong Nai province reported she lost 592 SGD after overseas transactions.
All three cases are still under investigation, and the reasons have not been made public officially. Meanwhile, explanations by banks about their decisions have been described as ‘unconvincing’.
Pham Quyen in Thanh Xuan district in Hanoi, who distributes specialty food from northwest provinces, said she regularly uses a credit account to make payment for ads on Facebook. However, after each transaction, she locks the online payment feature to prevent phishing.
Duong Ngoc Thai, a security engineer at Google, and two members of VNSEC, a well-known security forum in Vietnam, conducted technical testing on Vietcombank’s Smart OTP system and said they discovered a flaw. However, they said they were not sure it was the vulnerability the hackers exploited.
Meanwhile, Nguyen Quoc Cuong, head of the Information Technology & Added Value division of the Vietnam Post and Telecommunication Group (VNAT), said he did not think highly of Smart OTP protocol.
Cuong said that it was too easy to cheat clients by creating websites bearing domain names similar to banks’ official websites’ names.
In other countries, financial institutions buy all the domain names with similar names. But Vietnamese institutions still do not think of this.