We have identified multiple phishing pages currently hosted on Vercel that are impersonating BIDV (Bank for Investment and Development of Vietnam).
These websites are using the official BIDV logo and pretending to be legitimate banking support or login-related pages. This is a clear case of phishing and trademark infringement, and it may put users at serious risk of credential theft and personal data exposure.
Affected URLs
The following domains are currently active and appear to be related:
https://bidv.vercel.app
https://bidv.bercel.app
https://bidv.cercel.app
https://bidv.gercel.app
https://bidv.fercel.app
These domains follow the same naming pattern and are likely operated by the same individual or group. They are clearly attempting to impersonate BIDV and mislead users by using the official brand identity (including logo and naming).
These websites are not associated with BIDV in any way. The use of the BIDV logo and brand name is unauthorized and violates trademark and anti-phishing policies.
Already Reported
We have already submitted abuse reports to Vercel under Trademark Infringement, with the following case numbers:
Case #01054282
Case #01054305
However, the phishing pages are still accessible, which may continue to put users at risk.
Requested Actions
We respectfully request that Vercel:
Remove these phishing pages as soon as possible
Investigate the accounts responsible
Remove any related phishing or brand-impersonation content
Prevent similar domains from being created again
This issue is urgent because it directly affects users’ security and the reputation of a financial institution.
Please confirm once the pages have been removed or if further information is required.
The domain troubleshooting guide can help with most custom domain configuration issues. You might be able to use that guide to solve it before a human is available to help you. Then you can come back here and share the answer for bonus points.
You can also use v0 to narrow down the possibilities.
I would like to request an update regarding the previously reported phishing domains related to the BIDV impersonation case (Case #01054282 and #01054305).
After further review, we found that these pages are not only using the official logo of BIDV, but they also contain sensitive banking-related information displayed directly on the site.
This significantly increases the risk to users because the site is not just a brand impersonation page anymore — it is actively exposing sensitive financial information and could potentially be used for credential harvesting or financial fraud.
These pages are still accessible on Vercel, and the risk level should now be considered high priority.
We kindly request:
An urgent update on the status of Case #01054282 and #01054305
Immediate removal of the affected domains
Investigation of any related accounts hosting similar content
Please let us know if any additional information or screenshots are required from our side.
Thanks for letting us know about a potentially dangerous site. You did the right thing reporting it through the form at vercel.com/abuse. I checked the status and can see that these cases were assigned to the correct team and are waiting for the next available team member.
Members of this community generally do not have access to the systems and tools needed to handle malicious sites. But the abuse reporting form opens a ticket with specialists who can investigate your report and take appropriate action.
Reported sites are reviewed by real people, not just machines, so the full review process can take some time. Thank you again for reporting potentially harmful sites and for your patience while reports are investigated.
