Vietnamese people will lose up to 18,900 billion VND in 2024 due to online fraud

On December 16, the Technology Department of the National Cyber ​​Security Association announced the 2024 Cyber ​​Security Research and Survey Report. The survey was conducted online in the personal user area from November 28 to December 14, attracting over 59,000 participants.

Online Scams: Virtual Space but Real Damage

Online fraud continues to rage, causing serious consequences for hundreds of thousands of Vietnamese users in 2024. According to a survey by the National Cyber ​​Security Association, 1 in 220 users will be a victim of online fraud, a rate of 0.45%. The total damage caused by online fraud in 2024 is estimated at VND 18,900 billion.

In fact, the number of victims of fraud is large, but the number of people who can get their money back is very small. When falling into a fraud trap, although 88.98% of users said they immediately warned and talked to relatives and friends, only 45.69% of respondents said they reported to the authorities, this is a quite low rate.

According to the association's experts, reporting to the authorities when encountering fraud is essential to protect the rights of the victims and prevent illegal acts. Firstly, reporting will help the authorities have timely information to investigate and collect evidence, thereby increasing the ability to arrest and handle fraudsters. Secondly, reporting can also help the victim recover part or all of the stolen property, especially when the authorities intervene early and freeze the related assets.

Furthermore, each reported scam will contribute to building a database of the tricks and methods of operation of the subjects, thereby warning the community, preventing the subjects from continuing to commit fraud, causing damage to many others. Therefore, reporting not only protects individuals but also contributes to building a safer, more transparent, and healthier online environment for the community.

Common forms of fraud

The forms of attacks on users by scammers are diverse and sophisticated. The three most common forms in 2024 include: luring users into fake investment schemes, promising high profits; impersonating the identities of agencies and organizations; and fraudulent announcements of big prizes and promotions.

According to the survey results, 70.72% of users have received invitations to invest in financial exchanges of unknown origin but committed to no risk, high profits. 62.08% said they encountered calls impersonating agencies and organizations (police, court, tax, bank...) urging them to install software or threatening to transfer money to prove their innocence due to involvement in law violations. 60.01% said they received notifications of winning prizes, high promotions but the information was very vague and unusual.

In addition to sophisticated scenarios, scammers have used many modern technologies such as: Deepfake artificial intelligence technology to create fake videos and voices to build trust from victims; applying automatic tools (chatbots) to continuously communicate with victims; using specialized software on computers to make telecommunication calls, reaching many people at the same time... The application of high technology makes many victims unable to distinguish between real and fake when exposed to fake content, leading to easy deception.

Mr. Vu Ngoc Son - Head of Technology Department, National Cyber ​​Security Association recommends: "Online fraud attacks will continue to rage in 2025. In addition to measures from management agencies, users still need to raise their vigilance and safety skills when participating in cyberspace. Do not share personal information with strangers or untrusted services. Carefully verify any calls or exchanges related to money transfers. Use the nTrust anti-fraud application to filter and block fraudulent phone numbers and malicious websites".

Personal Data: A Tasty Bait for Hackers

In 2024, the situation of personal data leakage in Vietnam continues to be complicated and serious. Up to 66.24% of users confirmed that their information has been used illegally. There are many reasons for this situation, in which according to the survey results, 73.99% of users said that the leakage was due to providing information when shopping online. In addition, 62.13% said that the cause came from sharing information on social networks and 67.00% said that the leakage occurred during the use of essential services such as restaurants, hotels, and supermarkets.

According to experts from the Cyber ​​Security Association, these are also common causes in the world. A user today often has 2-3 accounts and uses social networks, accesses dozens of e-commerce websites, provides information to hundreds of stores, hotels, supermarkets in daily activities. This causes personal information to be collected and stored in hundreds of different systems. While ensuring data security for these systems is not uniform, there are risks of attacks, data leaks from operating processes, people or network security vulnerabilities.

In addition, many users are also lacking awareness in protecting personal information, willing to provide it to others without checking what their information is used for. Experts say that data leaks not only cause inconvenience to users but also create conditions for more sophisticated fraud. Hackers often combine personal data with technologies such as AI to create psychologically-based fraud scenarios that easily convince victims.

The Cybersecurity Association recommends that users limit sharing sensitive personal information on social networks. Before providing information, carefully check the reputation of websites and businesses. Use strong, unique passwords for each account and enable two-factor authentication (2FA) to protect personal accounts.

Spam Calls: The War is Not Over

Only 4.46% of survey respondents said they were not bothered by spam calls in 2024. Up to 95.54% of users were bothered by unwanted calls, of which 52.96% were occasionally bothered with an average frequency of a few calls per month, and 42.58% regularly received spam calls every week.

Statistics from the nTrust system, the Association's anti-fraud solution, recorded 134,000 reports related to scam phone numbers in the last 6 months of 2024. The nTrust system also has to constantly update new scam and annoying phone numbers, the updated list in 2024 reached 296,000 spam and scam phone numbers.

Although state management agencies have continuously reviewed and requested updates on subscriber information to strictly handle junk phone numbers and prevent spam. However, there is still a phenomenon of people hiring people to register phone numbers with their own information, then buying them back for use. The subjects then insert the SIM into specialized devices, using software on the computer to make dozens of calls at the same time.

Association experts recommend that users should be careful and not talk to calls that do not have an identification number (brand name) or are not in the contact list (unknown numbers). Note that state management agencies do not work with people over the phone. Immediately end the call if the content is not related to your needs to avoid being scammed. You can use the call blocking features on your phone, or use spam call blocking applications such as nTrust for automatic protection.

Malware Attacking Individual Users: The Threat Still Exists

In 2024, the world witnessed many new trends, including the shift in the target of malware attacks from individuals to organizations. However, according to Mr. Vu Ngoc Son - Head of Technology Department of the Association: "Although the target may be to attack organizations, when deploying, hacker groups always choose to attack users as the first stepping stone. In the coming years, individual users will still be the favorite target of malware."

According to a survey, up to 23.40% of users were attacked by malware at least once a year, greatly affecting their work. Of which, up to 9.65% of users were attacked by ransomware. The trend of working at the office and handling personal matters on the same device has become popular.

If attacked by malware, users will face many risks, the biggest of which is theft and disclosure of sensitive work and personal data. Malware can also take control of devices, lie dormant, and monitor the victim's activities to cause long-term damage.

The most common reason for malware infection is that users install applications from unknown sources. According to the National Cyber ​​Security Association, up to 31.36% of users admit to downloading software from links sent via email, chat or social networks. These links are often disguised by bad guys as attractive content such as "free software" or "cracked software" that users are not careful about and accidentally install malware.

In 2024, through the nTrust system, the Cyber ​​Security Association said it had updated over 875,000 dangerous IP addresses and domains. Most of these were addresses and domains that spread malware.

Experts recommend that users should avoid downloading software from unknown sources, especially from links received via chat or email. When you need to install software, go directly to the official application stores or the official websites provided by the manufacturer. Regularly update the operating system to patch vulnerabilities, install reputable anti-virus software and periodically back up data to minimize damage when attacked.

Malware will upgrade itself in 2025

According to experts from the National Cyber ​​Security Association, 2025 will continue to witness the explosion of new technologies such as artificial intelligence (AI), blockchain technology, and quantum computing. Malware will be able to upgrade itself, improved Deepfake technology, and other generative AI tools will help bad guys create more unpredictable fake content. Quantum computing, although still in its infancy, also has the ability to break traditional encryption algorithms, causing great concerns for data protection.

Hackers will use AI to automate attacks. The development of 5G technology will lead to a sharp increase in the number of IoT devices, along with many security vulnerabilities on these devices that can be exploited, from security cameras, smart watches to home appliances.

Individual users need to equip themselves with knowledge, use advanced security tools and be more careful in sharing information in cyberspace. Authorities and cybersecurity organizations need to coordinate to effectively deal with new challenges, protecting a safer and more trustworthy cyberspace.