Building Public Trust for a Safer Internet: Part 1 Challenges

The adoption of e-registration platforms for public use in Thailand has increased significantly, driven by the COVID-19 era. During the pandemic, Thailand embraced digital solutions to manage public services and support cashless payments, such as PromptPay QR codes. However, this shift has also led to a surge in fake websites, posing serious cybersecurity and data privacy challenges for both locals and foreigners. These fraudulent operations exploits individuals’ technical awareness, have resulted in financial losses, compromised personal data, and eroded public trust in digital government services. This article examines instances of website spoofing, explore the loop holes used, and highlights the mechanisms the public should be aware of as a foundation for a safer Internet.

The opinions expressed in this article are my own and are based on my experience as a cloud engineer. AI was utilized in restructuring these sentences and fixing grammatical errors.

The Push Towards Digitalization in Thailand

Thailand’s journey toward digitalization accelerated rapidly following its first confirmed COVID-19 case on January 12, 2020. As the country responded to the pandemic, digital solutions became central to public health and government service delivery. One early example was the rollout of the Mor Prom vaccination appointment system. Despite the achievement, the official app’s launch on May 1, 2021 has its technical challenges with the platform crashing under high demand-especially and additionally knowledge gap that may have lead to confusions due to the nature of the technology and introductions to the devices being used throughout the population, impacting elderly and high-risk individuals who were prioritized for vaccination. Taking advantage of the confusion and limited digital literacy, fraudsters created fake websites such as “หมอพร้อม.com” (morprom.com), misleading users into believing they could register for vaccines online. Many citizens fell victim because they were unaware that the legitimate Mor Prom service was only available via the official mobile application and LINE platform, not through any website.

As digital adoption deepened, PromptPay-the national payment platform-emerged as a key driver of cashless transactions and digital banking, especially in the post-pandemic era. Majority of Thai’s working classes has adopted mobile bankings onto their devices. While it’s not confirmed of the statistics of elder group adoption in this technology, it’s knowns that fraudsters targets these demographic and performs social engineerings to gain financial benefits through the mobile banking technology.

In Thailand, PromptPay, the national payment platform, has been a significant driver of digital banking adoption, especially during the post-pandemic era, quouted an article by the Bangkok Posts.

Yet, the expansion of digital financial services also brought new opportunities for cybercriminals. When the government introduced its digital wallet initiative, promising a 10,000-baht handout to citizens, scammers quickly adapted. They sent SMS messages containing links that appeared to allow recipients to check their registration status for the handout. Victims who clicked these links faced severe consequences, including disabled mobile devices and drained bank accounts.

The Bank of Thailand (BoT) is planning to improve mobile banking security measures by limiting certain groups of people, such as teenagers and the elderly, from transferring more than 50,000 baht per day; posted in an article on Bank of Thailand plans to boost safety of transfers by the © Bangkok Post PCL.

The most recent manifestation of website spoofing in Thailand targets the newly implemented Thailand Digital Arrival Card (TDAC) system, which replaced the paper TM6 arrival cards for foreign visitors beginning May 1, 2025. Remarkably, the first fake TDAC website appeared on the very same day the legitimate system launched, demonstrating how quickly scammers can adapt to new government initiatives. The fraudulent website claimed to be from an “official third-party service provider” and charged a processing fee of US$10, despite the fact that the legitimate service is completely free.

These incidents illustrate a persistent pattern: as Thailand’s digital transformation advances, so do the tactics of scammers exploiting new government initiatives and public unfamiliarity with official digital channels. The ongoing challenge of fake websites impersonating government services underscores the urgent need for robust preventive measures and increased public awareness-topics explored further in this article.

Stay tuned for the second part of this four part series, where the author share their learnings on the loop holes used by malicious parties.