Hai Ha Phan

Cyber Investigation Specialist, APAC

Hai Ha is a cyber investigation specialist based in our Vietnam office. As part of the High-Tech Crime Investigation Team APAC, she collaborates with local law enforcement to combat cybercrime in her country and the broader APAC region. Moreover, Hai Ha and her team contribute to the collaboration between Group-IB and INTERPOL to fight against complex cybercrimes. Her experience includes identifying, tracking, and revealing the real identities of threat actors behind various types of cases, such as leaked databases, malware distribution, online fraud, phishing campaigns, and social disinformation.

Her professional interests include automating investigation tasks with scripts and tools, enhancing her digital forensics skills to investigate complex cybercrimes, studying malware to mitigate its impact, and publishing articles to advance cybersecurity knowledge.

In late 2023, she successfully supported local law enforcement in revealing the threat actor behind a cyber heist targeting a prominent financial firm. Hai Ha holds a Master’s degree in Computer Security.

Blog posts by Hai Ha Phan

Cyber Investigations
October 28, 2025
The Illusion of Wealth: Inside the Engineered Reality of Investment Scam Platforms
This blog details online investment scam campaigns, including fraudulent cryptocurrency, forex, and trading platforms, while offering a technical investigation guide for investigators, based on Group-IB’s technical investigation methodology. It outlines the social engineering tactics and victim manipulation models employed, describes the fraud actor structures behind these schemes, and highlights key infrastructure artifacts identified by Group-IB High-Tech Investigations analysts that can be leveraged by cybersecurity professionals for detection and disruption.
Scam & Phishing
April 23, 2025
Toll of Deception: Where Evasion Drives Phishing Forward
Discover the latest phishing campaign targeting a major toll road service provider, where cybercriminals use sophisticated evasion techniques to bypass security detections. This in-depth blog reveals how threat actors exploit legitimate platforms and deploy cloaking methods to disguise malicious links, allowing them to evade detection by security solutions. Discover how these sophisticated tactics create highly convincing phishing pages designed to steal victims’ card information, and how to safeguard yourself against these evolving cyber threats.
Scam & Phishing
December 11, 2024
Trust Hijacked: The Subtle Art of Phishing Through Familiar Facades
Explore the advanced tactics employed in recent email phishing campaigns targeting employees from over 30 companies across 12 industries and 15 jurisdictions. This blog unveils sophisticated techniques used to outsmart Secure Email Gateways (SEGs) and exploit trusted platforms, creating highly convincing schemes to deceive victims and steal their credentials.
Cyber Investigations
November 21, 2024
Tracing the Path of VietCredCare and DuckTail: Vietnamese dark market of infostealers’ data
Following the arrest in May 2024 of more than 20 individuals behind Facebook infostealer campaigns in Vietnam, we have compared the tactics of the operators behind the VietCredCare and DuckTail stealers. These two malware families were active before the arrest in Vietnam and are believed to be controlled by Vietnamese threat actors. Based on the research, we decided that the groups operate in different ways and that the arrest probably affected the VietCredCare operators.
Cyber Investigations
February 21, 2024
Extra credit: VietCredCare information stealer takes aim at Vietnamese businesses
Group-IB discovers new information stealer targeting Vietnam with rare functionality to filter out Facebook accounts with advertising credits