On October 24, 2019, CyRadar’s CyRadar Intelligent Platform system detected phishing domain names impersonating VPBank:
The interfaces of these phishing sites are very similar to that of the real VPBank homepage.
If customers enters their username and password, it will lead to a fake OTP input page.
When customers enter OTP code, they will be deducted from their account immediately.
Although domain names were newly registered, they were immediately used to carry out the phishing campaigns. Some victims have received phishing messages as shown below.
New domain names will be analyzed daily by CyRadar’s AI system to evaluate whether they are phishing domain names or not.
After reviewing, the system will automatically put the domain name on the blacklist on VirusTotal.
In addition, the system also noted that there were many suspicious domain names for phishing activities, impersonating VPBank in the past 1 week:
Although not yet active (no website has been built yet), it is likely to be a fraud (Because the domain name setup is quite similar to the above 3 phishing domain names)
Advice for users:
Users should only enter the username, password and OTP code on the homepage of the bank. The homepage of VPBank is: https://vpbank.com.vn/
Always be careful with links that are received, especially those that are strange, attract or receive rewards.
Source: CyRadarRelated posts: