Combating the invisible bank robber: RMIT expert
In the past, bank robbers wore masks, but now you cannot see them. In the digital era, second device authentication is the best method of combating the invisible bank robber, wrote Dr Jonathan Crellin, program manager in cybersecurity at RMIT Vietnam.
Second device authentication (where a code is sent to a second device) is secure, but not invulnerable. For example, a bad actor can create a simulation of a banking login system, and simulate the request for an OTP via text message, or by using a bank app. When the customer enters the OTP into the simulation, the criminal can then use it to log in to the real bank account and take control of the account.
The bad actor may simulate some forms of system failure (“website unavailable please log in later”), so the customer does not immediately realize something has gone wrong. This is one reason why your bank tells you “…never to follow a link sent to you (for example: by email)” as this can contain a very similar URL pointing to a fake, simulated bank site.
From your point of view, always use a legitimate link or web address for your bank. If you use a banking app, download it from a legitimate source, such as the Play Store or Apple’s App Store. If your phone is compromised with malware, it can facilitate a bad actor gaining access to your phone, using apps, seeing received text messages, controlling the phone remotely, running apps, and extracting information.
SIM swapping has been a very popular technique in recent years. This involves a criminal tricking a mobile network company into reissuing a replacement SIM card linked to the same original number. This is often used with high-profile targets. It is an easy attack if the bad actor can obtain personal information about the victim, which may be recoverable from a dark web marketplace. Once the new SIM is reassigned, the original SIM will stop working.
Another technique that was used in the past was SIM cloning. Here, a duplicate SIM is created which has the same IMSI number (the SIM’s network identity number), authentication number (KI), and phone number as the original SIM. This technique became difficult from 3G onward, as the KI is difficult to recover. However, many IMSI KIs can be found for sale on dark websites, so if someone was unlucky, their IMSI might have been listed.
If a bank identifies that their app was used on a different type of device than usual, this suggests that SIM cloning or SIM swapping may have occurred. The bad actor using another phone can set up biometric authentication with the banking app that uses the bad actor’s biometrics. From the app’s point of view, the correct person is using the app since the app relies on the phone’s biometric system to confirm the identity of the user.
In SIM cloning, the bad actor would need some data from the original SIM, then write these to a new programmable SIM card. Then they have a phone with a SIM that pretends to be the victim’s phone. Both phones will work, but only one at once. The bad actor can send a text from another phone, pretending to be the cell network provider, instructing the victim to turn off their phone for a network update. Whilst their phone is off, the bad actor connects to the bank, transfers money, and then turns off the cloned phone. When the victim turns their phone back on, it reconnects to the network without any immediate indication of the attack.
From the bank's point of view, thefts are often due to customer errors, perhaps leaking too much personal information. The bank's systems are usually as robust as they can be (but still usable for most customers). Criminals rely on people’s carelessness, trust and naivety.
The lesson here is treating your phone and SIM as if they have the same value as all the money in your bank accounts. To enhance security, consider using dual SIM card phones and use one SIM only for things like financial transactions, and the other for less important activities. Be careful not to share the secure phone number and detailed personal information you use for financial transactions anywhere other than the bank. Exercise extreme caution when downloading apps, ensuring they come from legitimate sources. Additionally, contemplate the use of an additional phone with a separate SIM if you plan to use riskier applications.
Authentication poses a significant challenge across all internet activities, especially in financial transactions. Over the years, we have seen numerous advancements in authentication, alongside evolving criminal tactics. IT and cybersecurity programs at many universities in Vietnam equip students with the skills and knowledge about the strengths and weaknesses of current authentication systems. These students will be at the forefront of developing and implementing the next generation of technology.
Crime is never going to go away. Every lock we make or system we develop will have some weaknesses, especially if those using them are careless. The motivation to steal money is so strong that there will always be people who work out how to break into systems. But at its best, the digital world does bring many benefits and conveniences, just be careful and aware of what you share and the security of your devices.
From July 1, people in Vietnam transferring money over VND10 million ($393) must authenticate by face and fingerprint.
- Read More
Vietnam faces complex challenge as counterfeits shift to cyberspace
Even as the prevalence of counterfeit goods in traditional markets has dropped significantly, their online presence has become a growing concern, says Nguyen Ngoc Ty, CEO of Non Son Fashion Company Limited, a company dedicated to producing and selling hats and helmets.
Economy - Wed, November 13, 2024 | 7:21 pm GMT+7
Japan food firm Kyokuyo completes $14 mln factory in southern Vietnam
Kyokuyo Vina Foods Co., Ltd., under Japan’s food firm Kyokuyo, has completed the construction of a JPY2.1 billion ($13.5 million) factory, its first facility in Vietnam.
Companies - Wed, November 13, 2024 | 4:23 pm GMT+7
StanChart arranges $100 million syndicated loan for Vietnam-based Stavian Chemical
Standard Chartered Vietnam has acted as the sole mandated lead arranger and bookrunner in a $100 million maiden offshore syndicated loan transaction for Stavian Chemical JSC.
Banking - Wed, November 13, 2024 | 4:19 pm GMT+7
Vietnam dong hits historic low
The Vietnamese dong (VND) has reached a historic low against the U.S. dollar (USD) as the greenback continues strengthening on the international market.
Banking - Wed, November 13, 2024 | 3:48 pm GMT+7
Vietnam gov't seeks parliamentary green light for colossal high-speed railway project
An ambitious plan to build a transnational high-speed railway route has been proposed to the Vietnamese parliament for approval amid concerns about the project’s financial feasibility.
Infrastructure - Wed, November 13, 2024 | 3:19 pm GMT+7
Climate change can cut Asia-Pacific GDP by 16.9%, Vietnam by 30%: ADB
By 2070, climate change under a high-end emissions scenario can cause a total loss of 16.9% of GDP across the Asia-Pacific region, the Asian Development Bank (ADB) has said in its “Asia-Pacific Climate Report 2024.”
Economy - Wed, November 13, 2024 | 3:11 pm GMT+7
Japan beverage maker Suntory sees Jan-Sept Vietnam revenue rise to $749 mln
Japan-based brewing and distilling firm Suntory, a partner in Vietnam-based Suntory PepsiCo Vietnam Beverage Co. Ltd., earned in-country revenues of JPY116 billion ($749.2 million) in the first nine months of this year.
Companies - Wed, November 13, 2024 | 2:18 pm GMT+7
EV maker VinFast secures extra $3.4 bln funding from founder, Vingroup
VinFast, the electric vehicle (EV) arm of Vietnam's private conglomerate Vingroup, is set to receive financial aids of VND85 trillion ($3.36 billion) from its parent firm and Vingroup chairman-founder Pham Nhat Vuong.
Companies - Wed, November 13, 2024 | 10:54 am GMT+7
Vietnam gov’t proposes nuclear power project revival as energy demand surges
The Vietnamese government has proposed resuming the nuclear power project and accelerating offshore wind power development as energy demand is forecast to grow by two-digit rates to accommodate economic growth.
Energy - Wed, November 13, 2024 | 10:41 am GMT+7
Bamboo Capital at 13: deep roots, towering shoots
Vietnamese firm Bamboo Capital began its journey in 2011 as a small but promising startup. Thirteen years later, it has grown into a powerful multi-sector conglomerate.
Bamboo Capital - Wed, November 13, 2024 | 8:58 am GMT+7
Vietnam media giant YeaH1 profits handsomely from TV shows, divestments
YeaH1 Group, a leading media and entertainment company in Vietnam, reported an impressive profit in the first nine months of the year as also surging stock prices.
Companies - Wed, November 13, 2024 | 8:39 am GMT+7
Korea’s digital twin firm The PICT expands Asian presence with Vietnam branch
The PICT, a South Korean AI-driven digital twin and immersive content company, has established GEO Impact, its new branch in Ho Chi Minh City, Vietnam’s southern economic hub.
Companies - Wed, November 13, 2024 | 8:14 am GMT+7
Vietnam GDP can grow 6.7% or more in 2025: HDBank exec
Vietnam’s GDP growth in 2025 could reach 6.7% or more, says Tran Hoai Nam, deputy general director of Ho Chi Minh City Development Joint Stock Commercial Bank (HDBank).
Economy - Wed, November 13, 2024 | 7:26 am GMT+7
Indonesia calls on US investors to support sustainable growth
Indonesian President Prabowo Subianto has urged U.S. business leaders to prioritize environmental, social, and governance (ESG) principles when investing in his country.
Southeast Asia - Wed, November 13, 2024 | 12:46 am GMT+7
Grab raises annual revenue forecast
Singapore's Grab Holdings has raised its forecast for fiscal 2024 revenue, as the firm anticipates robust growth in its food delivery and ride-hailing business services during the busy holiday season.
Southeast Asia - Wed, November 13, 2024 | 12:44 am GMT+7
Thai baht lags behind peers on concerns over central bank's autonomy
Thailand’s currency has fallen the most among Asian peers on investor concerns that the independence of the country’s central bank is being further eroded.
Southeast Asia - Wed, November 13, 2024 | 12:42 am GMT+7
- Travel
-
Indian billionaire to visit Vietnam’s Ha Long Bay with 4,500 employees
-
Vietnam in talks on visa exemptions with 15 countries to boost tourism
-
Foreign businesses in Vietnam urge relaxation of visa, work permit requirements
-
AI can be a game changer for Vietnam tourism
-
Google Doodle honors world's largest cave Son Doong
-
Four Vietnam airports to suspend operations as typhoon 'strongest in a decade' approaches