These high-tech criminals have developed several methods to take over the mobile devices of their victim, thereby taking control of e-banking applications and transferring money out of victim' accounts. Among such, there are notably the tactics to penetrate devices running on iOS (Iphone, iPad), which are often considered highly secured.


The primary techniques used by these criminals are still social-engineering with the goal of:




Manipulate victims into actively installing applications with malicious code (malware) on their device, through third-party application distribution platforms.



Manipulate the victim into allowing Mobile Device Management (MDM) profile to be established on their device, which then allow the criminals to take full control of the device remotely, thereby installing malicious applications using such priviledge.

*Examples of Social-engineering attacks include impersonating bank officials, representatives of state agencies, spreading fake website links, etc.


Techcombank would like to share some recommendations for your valued customer to stay vigilant and minimize the risk of being victims to above methods:



Stay cautious of requests FROM ANYONE to install any applications outside the App Store, especially via the TestFlight application (the platform that allows developers to invite users to experience applications in alpha or beta versions).
- Carefully review the access rights requested by your applications; consider to decline all permissions that are not related to the application's core features.
- Be especially cautious of applications that requesting submission of identification documents and face scanning.
- Regularly check and consider removing unknown mobile device management (MDM) profiles from your device.
- Actively update the latest version of the operating system to ensure devices always receive the latest security standards.
- Install and use anti-virus application from a trusted provider.


Applications that are in alpha or beta versions installed via TestFlight will have a red and yellow marks appear next to the app name) To check MDM profile on your iOS device: Go to Settings > General > VPN & Device Management.



- Install any applications distributed via TestFlight unless you know the developer very well and get assured about the safety of the application.
- Allow any Mobile device management (MDM) profile to be installed on your device unless you can accurately verify the requesting party (E.g. from known IT Admin at your company)
- Click on/open any links sent from strangers/unknown parties in all platforms, including social networks or messaging applications
- Use jailbroken device or actively try to jailbreak your own device.


If you suspect that your device has been infected with malware, please:

  • Disconnect the Wifi/Mobile data connection (3G/4G/5G) on the device
  • Immediately contact the following channels to temporarily block the services:
    • Techcombank customer support hotline 24/7: 1800 588 822 (domestic) or 84-24-39446699 (international); or send email to
    • Or come to the nearest Techcombank premise 
  • Request assistance from a trustworthy mobile device service to reset your device to factory mode.


In case you customer has been a victim of the crime, you are recommended to:

  • Report the incident to the nearest Police Department office
  • OR follow the guidance in the "Instructions for reporting crimes" section on the e-portal of Ministry of Public Security (address


Other reminder: Please do not provide confidential information such as OTP code, CVV code, card number, e-banking password, etc. to anyone, via any commnunication channel, including people claiming to be police, bank staffs.