Vietnam Cyber Emergency Response Center – VNCERT/CC has just warned about a new form of fraud targeting individuals and organizations using digital signatures. (Illustration photo: T.Hong)
Vietnam Cyber Emergency Response Center – VNCERT/CC, Department of Information Security (Ministry of Information and Communications) has just warned about a new form of fraud targeting individuals and organizations using digital signatures. Accordingly, taking advantage of the increasingly popular use of digital signatures and the tax finalization season of individuals and businesses, recently, scammers have impersonated units providing signature authentication services. Digitally sign to send an email requesting the user to renew the digital certificate. After the user performs the renewal operation as requested by the fraudster, their assets will be appropriated.
Specifically, although the digital signature authentication service package of businesses and organizations is still valid, many people still receive emails informing them that the company’s digital signature has expired and needs to be renewed. immediately like: “The company’s electronic stamp is in the token category: old version – expired. Stop depositing bids, invoices, and tax declarations after the date… The company needs to contact immediately to extend the service to avoid having the account locked…”; or “Tokens are locked and tax deposits are temporarily suspended. You need to contact the system or teller to renew the service. Stop depositing bids, invoices, and declarations at…”
Through evaluation, VNCERT/CC experts found that emails impersonating digital signature certification service providers to scam businesses often have the extension “.gmail” or domain names from abroad. The content of the email is only general and does not represent the supplier or authorized agent. Contact information in the email only shows the teller’s phone number and is constantly changing.
The fraud methods of the subjects are quite methodical. Initially, the subject sent an email informing them that the digital signature of an individual or business was about to expire. A few days later, the subject continued to send a notification that the digital signature would expire that day and needed to be renewed immediately. When individuals or businesses have not yet responded, the impostor will continue to send emails notifying them that “tokens are locked and accounts are suspended”. By this method, the perpetrator deceived and misappropriated the property of gullible and subjective users.
VNCERT/CC Center recommends that when suspecting a fake email requesting a digital certificate renewal, individuals and businesses should proactively contact a digital signature authentication service provider for instructions on checking. digital certificate term as well as service registration contract.