By Nga Dao
The alarming situation
I receive spam emails, texts, and calls almost every day and about almost everything: from warning a security threat or inviting to a promotional event to offering sales or investment opportunities. Spam is annoying, but I’m still lucky they haven’t stolen my money. Last month, a friend of mine lost VND50 million (about US$2,000) in an investment scam; and last week, a relative lost VND10 million (around US$400) by a fake Facebook page selling air tickets. These are only a few among thousands of online fraud reports. It’s undeniable that spam and scams exist and can be anywhere.
In 2022, the Authority of Information Security recognized around 13,000 online scams and announced the 16 most common types of scams in Vietnam. These numbers went up to 16,000 cases and 24 types in the first 11 months of 2023 with ‘cheap-priced package tours’, Deepfake and Deepvoice video calls among the most common tricks.
Scams target not only citizens but also the government. According to the MPS’s statistics, 2,500 fraud cases took place in the digital space from May 2020 to May 2021. Of these, 527 cases involved criminals faking to be government officials and deploying scams for financial fraud .
Scams are not just the risks; they cause real significant losses. It was reported that 70 percent of Vietnamese people fall victim to scams and each Vietnamese suffered an average loss of VND17.7 million (US$734) in online scams in 2023. In total, last year Vietnam lost approximately VND391.8 trillion (US$16.23 billion) to scams, equivalent to 3.6% of the nation’s GDP. And, this is not to mention their potential impacts on the victims’ mental health which would not be easy to measure.
Main reasons and challenges
The prevalence and consequences of scams, regarded as adverse outcomes of technology, can be ascribed to the actions of both individuals and institutions. The lack of awareness and vigilance about online fraud and cybersecurity requirements along with the ignorance or absence of privacy policies and guidelines may help explain the situation.
A survey by a local cybersecurity firm found that 80 percent of entities engaged in e-transactions in Vietnam failed to comply with privacy regulations fully, particularly the Government’s Decree 13 on personal data protection, and many organizations have no institutional privacy policies.
Meanwhile, experts have pointed out several legal challenges such as inconsistencies between the Penal Code and Cybersecurity Law concerning the definitions of cybercrimes as well as loopholes in regulations on administrative sanctions for online violations, which would require a thorough review and appropriate amendment of the relevant decrees.
What can be solutions?
Building digital trust is a key task under Vietnam’s National Digital Transformation Program adopted in 2020. It is also a key requirement to ensure information and cyber security for digital government, digital economy, and digital society according to the newly-issued master plan on ICT infrastructure development (2021-2030 period with a vision to 2050). The urgent need for and importance of this issue has been highlighted on several occasions, by both the MIC and MPS leadership.
Raising people’s awareness and equipping them with knowledge and skills to recognize and mitigate online risks is identified as a key solution to fighting fraud. For this purpose, Vietnamese authorities have launched several awareness campaigns in the past few years. This is essential indeed but not yet sufficient. Clear and consistent regulations and guidelines are important and necessary to enable effective compliance and enforcement. For this reason, the Government may need to conduct a comprehensive review of relevant regulations and make proper adjustments. Considering Vietnam has already issued a decree on personal data protection (PDP) and launched the National PDP Portal (https://baovedlcn.gov.vn/), it is expected that there will be further concrete and timely guidance as well as constant review by authorities to promptly identify and fix potential problems. This process would help draw good lessons and provide valuable inputs for the formulation of the first-ever PDP Law of Vietnam shortly.
 Issued on April 17, 2023, and effective as of July 1st, 2023.
 Decision 749/QD-TTg dated June 3rd, 2020.
 Decision 36/QD-TTg dated January 11, 2024.
 Such as the National Cyber Security Center’s (NCSC) launch of a website (in cooperation with Google) in 2022, to raise public awareness of increasing online frauds; and the MIC’s online fraud campaign in 2023.