FPT IS proposes a proactive solution against cyber fraud

Unlike most cyberattacks that exploit technical vulnerabilities, cyber fraud primarily targets users’ psychological weaknesses, and exploits the large base of Internet users. To tackle this issue, FPT IS experts have proposed a proactive phishing training model featuring continuous, personalized, practical exercises to enhance user awareness and reduce susceptibility to scams.

Why is cyber fraud successful?

FPT IS recently participated in the Cyber Fraud Prevention Conference organized by the National Cybersecurity Association under the direction of the Ministry of Public Security. The event aimed to facilitate knowledge exchange and update the latest cybersecurity technologies, enhancing security for organizations and businesses.

Opening the conference, Lieutenant General Luong Tam Quang, Deputy Minister of Public Security, highlighted the increasing complexity of cyber fraud, which causes significant harm to organizations and individuals, and impedes their development.

He noted that criminal activities exploiting cyberspace, particularly online fraud, are escalating in both scope and sophistication, posing significant challenges for every country. Global statistics show that online fraud caused $1.026 trillion in damages by 2023, equivalent to 1.05% of global GDP. In Vietnam, the National Cyber Security Center recorded nearly 16,000 reports of online fraud, with 91% related to the financial sector.

Dr. Nguyen Thanh Binh, Global Cybersecurity Consultant at FPT IS, explained during the forum “Raising Awareness of Anti-Fraud Through Proactive Phishing Methods”, “The two fundamental reasons for successful cyber fraud are its exploitation of inherent human psychological weaknesses and the sheer number of potential victims.”

FPT IS expert proposed a proactive phishing training model for organizations and businesses.

There are currently three main categories of fraud, namely brand counterfeiting, account hijacking, and other combined forms. According to the Handbook on identifying and preventing online fraud issued by the Authority of Information Security under the Ministry of Information and Communications, 24 types of fraud are popular in Vietnamese cyberspace, including “cheap travel combo” scams, Deepfake and Deepvoice call scams, and “SIM locking” scams caused by non-standardized subscriptions, among others.

Phishing is a prevalent method of cyberattack. According to IBM’s 2023 Cost of a Data Breach Report, the average cost of a data breach due to phishing, the initial intrusion method, is $4.76 million, second only to breaches caused by internal actors ($4.90 million per case). Phishing, moreover, is the primary method for hackers to gain entry into organizations, accounting for 16% of cases. Creating an initial entry point is crucial for hackers to continue their deep attacks.

Proactive fishing optimizes prevention of, and protection against, cyber fraud.

Raising awareness through information and propaganda is considered a fundamental, effective, and long-term solution. However, this method faces a major limitation: it relies on the user’s initiative to listen, view, read, and absorb the information, and it must compete with many other attractive information sources.

In that context, FPT IS experts recommended organizations and businesses apply a proactive fishing method in training. This method involves working with service providers to set up infrastructure and design phishing emails to send to employees. The number of employees deceived at various levels—such as opening emails, clicking on links to access fake websites, and filling in information on fake websites—will then be collected and analyzed. This data helps build a personalized newsletter for businesses and provides targeted guidance for defrauded users.

 FPT IS’s ecosystem of security solutions garnered the attention of attendees.

With the goal of assisting organizations, businesses, and banks in preventing cyber fraud, FPT IS has developed the FPT.EagleEye Phish-Training solution, aiming to proactively raise awareness through realistic, personalized scenarios. This minimalist and technically friendly solution can reach a large number of people quickly, optimizing the training process for each individual.

For individuals, the model helps train and raise awareness through real-life situations and personalized newsletters. Organizations and businesses, meanwhile, can gain a comprehensive view of which functions (departments) or groups of employees (by age, gender, etc.) are most susceptible to specific types of fraud. This insight will serve as a basis for future awareness training programs.

“In the future, proactive phishing can be replicated on a national scale through role-playing,” said Dr. Binh. Accordingly, organizations and businesses can use the FPT.EagleEye Phish-Training service to train their employees and customers. The Ministry of Public Security and the Ministry of Information and Communications, in their roles as state leaders and managers, can establish a foundation for, and provide training activities to, the entire population.

Additionally, Dr. Binh suggested adopting practices from other countries, such as establishing an “Information Security Month” and conducting nationwide campaigns to highlight one or several notable cases. This activity promotes communication and encourages organizations, localities, and schools to invite experts to share their knowledge. He also recommended incorporating information security training into high school programs in an age-appropriate manner, similar to the success of technology training programs like STEM in Primary schools and other higher levels.

At the technology exhibition, FPT IS unveiled its ecosystem of security solutions, designed to create a comprehensive safeguarding circle for the digital assets of organizations, businesses, and individuals engaged in digital transactions. A typical solution set is FPT.EagleEye, which comprises the Managed Security Operations Center (FPT.EagleEye mSOC), the Managed Detection and Response Solution (FPT.EagleEye MDR), PCI DSS Consulting, Assessment, and Certification services, as well as Penetration Testing services (Pentest).

To further strengthen defenses against fraud, FPT IS has also implemented an anti-fraud solution for digital identity verification called FPT.IDCheck, meeting the requirements of Project 06. Thereby, the verification steps are carried out in just a few seconds, with personal information automatically entered fully and collated with data from the Ministry of Public Security. To date, FPT.IDCheck has been trusted and used by leading banks and financial institutions in Vietnam, typically Sacombank, ACB, VIB, TPBank, WooriBank, and JACCS.

“FPT IS, boasting over 25 years of experience in Information Security, stands as a trusted partner for leading international and local organizations, businesses, and banks. With its technological expertise and product development capacity, FPT IS wishes to assist Vietnam in combating fraud, establishing a secure network environment, and tackling significant societal challenges”, affirmed the FPT IS expert.