HANOI: A large cybercrime network believed to be operating from Vietnam has been linked to widespread fraudulent account creation targeting online platforms and digital services worldwide. Cybersecurity researchers have revealed that the operation manufactures fake online identities at scale and uses them to support phishing, cryptocurrency scams and other financial crimes.
Investigators traced the activity to a specific infrastructure cluster internally designated O-UNC-036. According to the findings, the network relies heavily on disposable email services and automated bot systems to generate thousands of fake digital identities in a highly organized manner.
Experts say these fraudulent accounts are far more than just spam profiles. Cybercriminals use them as entry points to conduct large-scale financial fraud, social engineering operations and coordinated online scam campaigns.
Fake Identities Fuel Global Scam Campaigns
The investigation also found that these fake accounts are frequently used to lure victims into cryptocurrency investment fraud, romance scams and long-running financial deception schemes often referred to as “pig-butchering” scams.
Reports indicate that many of these scam operations are run from organized criminal compounds across Southeast Asia, particularly in areas near the borders of China, Myanmar, Thailand and Cambodia.
Cybersecurity analysts first noticed the activity after detecting a surge in suspicious account registrations across several online services. During the investigation, researchers identified multiple disposable email domains repeatedly used to create new accounts in bulk, eventually linking the activity to a broader cyber fraud marketplace.
Further analysis revealed that several online storefronts connected to this ecosystem openly sell hacked or artificially created accounts.
Emergence of a ‘Cybercrime-as-a-Service’ Ecosystem
A detailed investigation released in March 2026 exposed a structured Cybercrime-as-a-Service (CaaS) ecosystem in which fraud tools, session tokens, residential proxy services, anti-detect browsers and other cyberattack resources are sold to buyers willing to pay.
Security researchers warn that such services have lowered the barrier to entry for cybercrime. Instead of requiring deep technical expertise, individuals can now purchase ready-made tools and infrastructure to launch scams and fraudulent campaigns online.
SMS Pumping Fraud and Financial Losses for Online Platforms
One particularly damaging scheme linked to the network involves criminals creating large volumes of fake accounts to trigger SMS messages to premium-rate phone numbers. This tactic is known as SMS Pumping, or International Revenue Sharing Fraud (IRSF).
In this method, online services that rely on SMS verification or multi-factor authentication (MFA) for new user registrations end up sending thousands of automated messages. The cost of these messages is ultimately borne by the service providers, leading to significant financial losses.
According to a report by the United Nations Office on Drugs and Crime, the underground cybercrime economy has expanded significantly in recent years. The marketplace now includes vendors offering fraud kits, stolen personal data, malware, AI-driven tools and even money-laundering services to cybercriminals.
Fake Accounts Target Social Media and Digital Platforms
Researchers also found that fake accounts generated by the network are widely used across major social media platforms such as LinkedIn, Instagram, Facebook and TikTok. These accounts are often used to run scams, manipulate online reviews and exploit free-trial offers on digital services.
Renowned cybercrime expert and former IPS officer Prof. Triveni Singh said fake accounts often serve as the foundation of many cyber fraud operations.
“Fake digital identities act as the entry point for cybercriminals. Through these accounts, they run social engineering campaigns, investment scams and other fraudulent activities at a large scale,” he explained.
Experts warn that such activities not only cause financial losses but also erode trust in digital platforms and degrade the experience for legitimate users.
Experts Call for Stronger Detection Systems
To counter these threats, cybersecurity specialists recommend that companies deploy stronger bot-detection systems to identify automated registrations. They also advise implementing rate limits on suspicious IP addresses and blocking known disposable email domains.
For high-risk services, security experts recommend identity verification through trusted third-party systems along with behavioral analytics tools that can detect unusual registration patterns. These measures can help platforms identify and stop fraudulent activity before it spreads further.
