Unveiling Vietnam’s Cybercrime Network: A Global Threat to Online Security
A vast cybercrime network operating out of Vietnam has been identified as the driving force behind large-scale fraudulent account registrations targeting online service providers and platforms worldwide. This network, designated internally as O-UNC-036, employs disposable email addresses and automated bots to create fake digital identities at an unprecedented scale.
The Mechanics of Fraudulent Account Creation
The creation of fraudulent online accounts serves as a gateway for various financial crimes, including spam, phishing, and more insidious scams like pig butchering. In these schemes, victims are lured into cryptocurrency fraud, romance scams, and sextortion operations. These activities are often orchestrated from organized criminal compounds in Southeast Asia, particularly near the borders of China, Myanmar, Thailand, and Cambodia.
Analysts from Okta have observed a surge in suspicious account registrations linked to multiple disposable email domains. This discovery led to the identification of a broader Vietnam-based fraud marketplace. Collaborating with researchers from the University of Cyprus, the team traced O-UNC-036 to numerous online storefronts openly trading in hijacked and synthetically created accounts.
The Cybercrime-as-a-Service Ecosystem
Investigations in March 2026 unveiled a structured Cybercrime-as-a-Service (CaaS) ecosystem. This network offers a range of illicit tools and services, including fraud kits, session tokens, residential proxies, and anti-detect browsers, available to anyone willing to pay.
One particularly damaging scheme involves the automated creation of fake accounts to trigger SMS messages to premium-rate phone numbers, a technique known as SMS pumping or International Revenue Sharing Fraud (IRSF). Service providers that use SMS for new registrations or multi-factor authentication (MFA) codes are left bearing the cost of thousands of artificially generated messages.
The United Nations Office on Drugs and Crime highlighted in an April 2025 report that this underground market now includes merchants specializing in fraud kits, stolen data, malware, AI-driven tools, and money laundering services targeting victims globally.
Impact on Major Online Platforms
The demand for fake accounts spans major platforms such as LinkedIn, Instagram, Facebook, and TikTok. Malicious actors use these accounts to run scams, manipulate reviews, and exploit free trials. This activity erodes user trust and degrades the experience for legitimate customers across all affected platforms.
The Infrastructure Behind the Fraud
At the core of this ecosystem is a Vietnam-based web design company operating under CMSNT[.]co. This company sells website templates marketed toward online money-making ventures. These templates have been adopted—and in some cases used without license—by numerous fraud storefronts selling account products, phone farms, social media engagement inflation services, and anti-detect browsers.
One such site, Via17[.]com, openly sells compromised social media accounts, referred to as vias, likely obtained through brute-force attacks or logs collected by infostealer malware. These logs typically contain login credentials, payment card details, cryptocurrency wallet data, and personal information extracted from infected devices.
Disposable email services play a crucial role in this infrastructure. Platforms like mailclone[.]site and temp-mail[.]io enable fraudsters to generate email addresses valid for as little as ten minutes—just long enough to receive a verification code and complete a registration. Via17[.]com alone recommends eleven such services to its buyers, illustrating the automated and systematic nature of this fraud pipeline.
Defensive Measures Against Fraudulent Signups
Effectively defending against fraudulent signups requires a multi-layered approach:
– Bot Detection: Deploy dedicated bot detection systems that challenge suspicious registrations with CAPTCHA tests.
– Rate Limiting: Implement tighter rate limits on signup attempts from individual IP addresses to prevent automated account creation.
– Email Verification: Block known disposable email domains and enforce email verification for new accounts to reduce the number of fake accounts.
– Identity Proofing: For high-value services, incorporate identity proofing with third-party verification providers to add an extra layer of protection.
– Behavioral Analysis: Utilize behavioral analysis tools to flag scripted or high-volume registration patterns, aiding in the detection of ongoing attacks.
– Access Restrictions: Restrict access from high-risk anonymizers and proxies to limit attackers’ reach before they even access the registration page.
By implementing these strategies, organizations can better protect themselves against the growing threat of fraudulent account signups and the associated financial and reputational damages.
