On October 24, 2019, CyRadar’s CyRadar Intelligent Platform system detected phishing domain names impersonating VPBank:

  • onlines-vpbanks[dot]com
  • online-vpbanking[dot]com
  • online-vpbank[dot]com

The interfaces of these phishing sites are very similar to that of the real VPBank homepage.

The interface of the fake page requires the user and password of the victim.

If customers enters their username and password, it will lead to a fake OTP input page.

The fake OTP page.

When customers enter OTP code, they will be deducted from their account immediately.

Although domain names were newly registered, they were immediately used to carry out the phishing campaigns. Some victims have received phishing messages as shown below.

Phishing messenger.

New domain names will be analyzed daily by CyRadar’s AI system to evaluate whether they are phishing domain names or not.

Visit https://phishing-check.cyradar.com/ to check whether a domain name is a phishing or not.

After reviewing, the system will automatically put the domain name on the blacklist on VirusTotal.

CyRadar detected phishing domain names very early.

In addition, the system also noted that there were many suspicious domain names for phishing activities, impersonating VPBank in the past 1 week:

  • sinhnhatvpbank[dot]com
  • sinhnhatvpbanks[dot]com
  • sinhnhat-vpbank[dot]com

Although not yet active (no website has been built yet), it is likely to be a fraud (Because the domain name setup is quite similar to the above 3 phishing domain names)

Advice for users:

Users should only enter the username, password and OTP code on the homepage of the bank. The homepage of VPBank is: https://vpbank.com.vn/

Always be careful with links that are received, especially those that are strange, attract or receive rewards.

Source: CyRadar

Related posts: