LS from Go Vap district in Ho Chi Minh City suddenly received a call asking him to upgrade his 3G SIM card to a 5G card by sending an SMS with the content “DS” to number 901. Seeing that he s is a free service, plus a promise of free data plans, LS followed the instruction. About 10 minutes later, she discovered that she had lost nearly 2 million VND in her e-wallet linked to her phone number.
The functional agencies explained that the above SMS is used to transfer a current SIM card to a new blank card, and users lose control of this SIM card. All calls and SMS will then be sent to the new SIM under the control of criminals. So, they can easily use OTP authentication with this phone number to login into bank accounts, e-wallet accounts of victims to steal money.
Criminals typically impersonate customer service representatives of major mobile network operators and contact telephone subscribers for troubleshooting purposes. They normally ask users to send a functional SMS so that they can take control of the users current SIM card.
A typical SMS content used by these criminals is “**21*#”, which is a call forwarding feature offered by carriers to phone owners to forward their calls and SMS to a new number. Once the victims complete this action, the criminals easily see all the OTP authentication codes of these victims and use them to log into important accounts.
An experienced e-wallet user advised people not to put too much money in an e-wallet and transferring sufficient amounts to banks when needed is a wiser choice.
VinaPhone also warns its customers against sending the code ‘**21*Số điện thoại#’ when instructed by a strange call. Also, if customers find that their phone cannot receive any calls, they should immediately text ‘##21#’ to cancel the call forwarding feature, then contact VinaPhone’s free hotline 18001091 to check the security status.
Similarly, MobiFone subscribers should dial its 9090 hotline to check whether the person contacting them is indeed a MobiFone employee or not. They are warned against sharing their OTP codes, passwords, sensitive information, bank accounts, PIN with untrustworthy sources.
Since most cases of information leakage are due to users’ negligence, MobiFone advises that when an incident is detected, victims should immediately contact network operators or local police stations for appropriate solutions. .
Viettel requires its customers to strictly observe all country laws and regulations regarding the provision of registration information. Users are advised to beware of calls from strangers for the purpose of SIM card upgrade or prize winning.
To better protect their SIM card, mobile phone users are recommended to install apps to provide 2-level authentication like Google Authenticator, Authy or Microsoft Authenticator.
A SIM card PIN is a 4-digit string, which is required every time users restart their phone, remove or insert a SIM card into a phone. Incorrect entry of this code is equivalent to SIM card lock status. This will prevent criminals from using the SIM card if a phone is stolen, and users have not yet asked network operators to lock the SIM card.