These were the findings from the Cybersecurity Report and Survey 2024 conducted by the Technology Committee of the Vietnam's National Cybersecurity Association, released on Monday. The survey questioned individual users, conducted online from November 28 to December 14, attracting over 59,000 participants.
As per the survey, one in 220 users became a victim of online fraud, equating to a rate of 0.45 per cent. The total financial losses caused by online fraud in 2024 were estimated at VNĐ18.9 trillion (US$744.5 million).
The number of victims is substantial, but very few manage to recover their losses. Despite 88.98 per cent of users stating they immediately warned and consulted with family and friends after being scammed, only less than half – 45.69 per cent – reported the incident to the authorities, a relatively low rate.
According to experts from the National Cybersecurity Association, reporting fraud to the authorities is essential to protect victims' rights and to prevent further crimes. First, reporting enables authorities to gather timely information for investigations and evidence collection, thereby increasing the chances of capturing and prosecuting fraudsters. Second, reporting can help victims recover a portion or even all of their stolen assets, especially when authorities intervene in time to freeze related assets.
Moreover, each reported case contributes to building a database of scams and fraud tactics, which helps warn the community. Therefore, reporting fraud not only safeguards individuals but also contributes to creating a safer, more transparent and healthier online environment for all.
Common types of online frauds
Fraudsters use various sophisticated methods to target users. The three most common scams in 2024 include fake investment schemes, scammers impersonating authorities or organisations, and prize and promotion scams.
According to the survey, 70.72 per cent of users reported receiving invitations to invest in dubious financial platforms that guaranteed high returns without risks. Additionally, 62.08 per cent encountered fraudulent calls impersonating agencies (tax, bank, or police etc.) urging them to install software or transfer money to prove their innocence in legal violation cases. Meanwhile, 60.01 per cent received suspicious notifications of large prizes or promotions.
Besides sophisticated scenarios, fraudsters increasingly use modern technologies, such as AI-powered deepfake videos and voice impersonations, to gain victims' trust. They also use automated tools (chatbots) for continuous communication and specialised software to make mass phone calls, reaching multiple victims simultaneously. This high-tech approach makes it difficult for victims to differentiate between real and fake content, leaving them vulnerable to scams.
Head of the Technology Committee Vũ Ngọc Sơn urged people to be vigilant in cyberspace, avoid sharing personal data with strangers or untrustworthy services, verify calls or messages asking for monetary transactions and use the Vietnam's official anti-fraud application nTrust (developed by the National Cybersecurity Association) to filter out known spam callers or harmful websites.
Personal data breaches and spam calls
In 2024, personal data breaches in Vietnam remained severe and complex. Up to 66.24 per cent of users confirmed their information was misused.
Some key sources of leakages were identified, including e-commerce transactions (73.99 per cent believe their data was leaked when shopping online), social media (62.13 per cent suspect their information was exposed through social networks), or essential services usage (67 per cent attribute breaches to using services like restaurants, hotels, or supermarkets).
Experts from the National Cybersecurity Association note that these are also global trends. Each user now has an average of 2.3 accounts and engages with numerous websites, apps and services, making personal data widely distributed across hundreds of systems. With inconsistent security measures, these systems are vulnerable to attacks, leaks, or operational errors.
The association recommends users to limit sharing of sensitive personal information online, verify websites' and business' credibility before providing data, and use strong, unique passwords for each account and enable two-factor authentication (2FA).
Regarding spam calls, only a very small portion – 4.46 per cent – of survey respondents said they were not bothered by the issue in 2024. A staggering 95.54 per cent reported being disturbed by unwanted calls, with 52.96 per cent experiencing occasional disturbances (a few calls per month) and 42.58 per cent receiving weekly spam calls.
The nTrust system recorded 134,000 reports of fraudulent numbers in the last six months of 2024. The database now includes 296,000 spam and fraudulent phone numbers.
Malware threats persist
Although cyberattacks are increasingly targeting organisations, personal users remain primary targets for malware. In 2024, 23.40 per cent of users reported being affected by malware at least once, with 9.65 per cent experiencing ransomware attacks.
Malware often infiltrates devices through software downloaded from unverified sources. The survey revealed that 31.36 per cent of users admitted to downloading software from links received via email, chat, or social media.
Through the nTrust system, over 875,000 dangerous IP addresses and domains were identified in 2024, most associated with malware distribution.
Experts advise users to avoid downloading software from untrusted sources, use official app stores or verified websites for software downloads, regularly update operating systems and install reputable antivirus software, and backup data periodically to minimise damages from attacks.