Warning: Fake National Public service portal used for asset appropriation scams

Kamy Le
1 day ago
2 min read

Aiming for openness, transparency, and a citizen- and business-centric approach, the National Public Service Portal serves as an effective platform supporting the execution, monitoring, and evaluation of online administrative procedures nationwide. However, this convenience is being exploited by malicious actors to set up fraudulent websites to scam users and appropriate their assets.

Scam methods via fake websites

Recently, through monitoring and situational awareness within the digital environment, the Cyber Security and High-Tech Crime Prevention Division of the Da Nang City Department of Public Security detected a website with the domain name dichvuconghanhchinh.com. This website was designed with an interface that almost entirely clones the structure of the official National Public Service Portal at dichvucong.gov.vn in order to deceive visitors.

Trang web được thiết kế với giao diện gần như sao chép hoàn toàn cấu trúc của Cổng Dịch vụ công Quốc gia nhằm đánh lừa người truy cập. — This website was designed with an interface that almost entirely clones the structure of the official National Public Service Portal in order to deceive visitors.

Although the method of spoofing government agency websites is not entirely new, the tactics used by fraudsters are becoming increasingly sophisticated. When citizens mistakenly access these malicious websites, the fake system prompts them to perform actions such as:

Logging into personal accounts.
Providing confidential identity and bank account information.
Entering One-Time Password (OTP) verification codes.
Executing redirection commands that lead to the exposure of account control.
Using this harvested information, the scammers quickly compromise the victims' legitimate accounts and proceed to appropriate their assets.

In addition to website spoofing, these individuals also impersonate police officers or government officials, calling citizens to demand the installation of "public service applications," "electronic identification applications," or "profile processing support software" via unfamiliar links.

Although the method of spoofing government agency websites is not entirely new, the tactics used by fraudsters are becoming increasingly sophisticated.

Recommendations from authorities

To proactively protect personal rights and mitigate cybersecurity risks, the Cyber Security and High-Tech Crime Prevention Division of the Da Nang City Department of Public Security issues the following critical recommendations for citizens to note particularly:

Only access public service portals via official addresses published by government agencies; these addresses typically end with the .gov.vn domain extension.
Thoroughly verify the domain name in the browser's address bar before logging in or conducting any online transactions.
Absolutely do not provide sensitive personal data, passwords, or OTP codes to anyone, and do not enter this information on websites of unknown origin.
Do not install unfamiliar applications or software based on redirections or instructions from strangers via phone calls or social media platforms.
Upon detecting any anomalies or suspicious signs, immediately cease all transactions and proactively report to the nearest Public Security agency or competent authorities for timely assistance.

Continuously updating knowledge on high-tech scam methods and maintaining a high level of vigilance is the best way for individuals to protect their own data and assets in today's internet environment.

Reference: An ninh mạng Công an TP Đà Nẵng