Impersonating EVN to send OTP messages for account hijacking
- Kamy Le
- 3 minutes ago
- 2 min read
Vietnam Electricity (EVN) has just issued an urgent warning regarding a newly emerged tech-based scam method. Malicious actors are exploiting the identity of the power sector to send fraudulent messages aimed at misappropriating citizens' data and assets.
Brand impersonation tactics and fake authentication code traps
According to reports from many electricity users, they unexpectedly received phone messages with the sender name displayed as “EVN CSKH” (EVN Customer Service Center). The content of these messages contains a fake 6-digit sequence (referred to as a One-Time Password (OTP)).
Notably, the messages include a link leading to an unfamiliar website. Although the characters “evn” appear within the link to build trust, the domain extension is completely different from regular official addresses.
EVN identified this as a new phishing tactic. The ultimate goal of these malicious actors is to lure users into clicking the unfamiliar link, thereby stealing personal information, and hijacking customers' data and bank accounts.
How to identify official OTP messages from EVN
To help citizens avoid falling into the trap, EVN clarified the operational mechanism of the official messaging system related to the "EVN CSKH" application (a system that has just been put into trial operation since June 15).
Customers need to note two core characteristics to distinguish between real and fake messages:
Message context: EVN only sends an OTP when users perform a first-time login into the EVN CSKH application, or when a specific transaction needs to be authenticated directly on this application. If an OTP is received out of nowhere without any action being taken, it is definitely a fraudulent message.
Message format: Authentic OTP messages sent by EVN absolutely never attach any links.
Safety guide for service users
In light of the emergence of the aforementioned tactic, EVN advises service users to heighten their vigilance and proactively protect their personal information according to the following principles:
Do not click on unfamiliar links: Absolutely do not click on any links attached to messages, electronic mail (email), social media, or chat applications from accounts claiming to be EVN.
Maximum information security: Do not provide OTP codes, login passwords, bank card/account information, or any personal data to unfamiliar websites, or to anyone claiming to be an officer or employee of the electricity sector.
Only install official applications: When needing to use the "EVN CSKH" application, users should only download it from legitimate app stores such as Google Play (for Android phones) and App Store (for iOS phones). Citizens can scan the official QR code to access the correct download source, while also carefully checking the application name and the publisher before installation, absolutely staying away from installation files sent via unfamiliar links.
Upon detecting suspicious signs or receiving messages showing signs of impersonation scams, citizens should proactively contact the Customer Service Hotlines of EVN immediately for timely assistance and information verification from staff.
Comments