JAKARTA - Storm scams and phishing such as BRI mobile banking burglary, fraud disguised as online courier APKs, fraudulent wedding invitations, Cold Play ticket sales fraud to freelance likes and subscriber work scams, all of which use fraudulent accounts to accommodate the proceeds of their crimes.

Quoted from Tech Wire Asia, scam is a term in cyber crime to get a sum of money and maximum profit. Usually, the perpetrators of this crime are carried out in an organized manner.

The scam crime will occur if there is a gap in the negligence and lack of thorough use of the information provided. This negligence is of course used by scammers or Phishre as an effort to extract personal data and valuable information and is used in an irresponsible way.

Interestingly, on average, the perpetrators of the world of deception have access to the banking system so that monetization of fraudulent proceeds continues to take advantage of bank accounts and digital wallets. It is certain that the fraudsters are not stupid by using their own identities to open a collection account resulting from fraud and will use a secure account.

Cybersecurity observer from Vaksincom, Alfons Tanujaya, a massive population data leak paved the way for scammers and phishers to carry out their actions. The open road in question is due to hundreds of millions of original population databases and is only armed with a blank ID card, they can make fake ID cards with real data.

"When this ID card is used to open a bank account, it will be difficult for the bank to identify the validity of the ID card physically. Because even if the blanks are fake, the NIK data, name, address and other data are genuine data and the photo remains replaced with a photo of the fraudster," said Alfons to VOI.

Leakage of Indonesian public data in recent years allows for a crime collection account that can be obtained easily. This opportunity and data leak is a determining factor for the gang of cybercriminals to withdraw money from their crimes.

"So a gang of fraudsters just concentrate on designing the perfect social engineering to trick their victims. All acts of exploitation and scams require fraudulent bank accounts to withdraw money from their crimes," he said.

On that basis, relevant state agencies such as OJK, banking, and digital wallets are expected to immediately limit the opening of fraudulent accounts used to accommodate the proceeds of crime. If necessary, add requirements where every account opening at Customer Service bank is equipped with proof of customer photo with the identity card it uses.

Alfons added that currently, checking the validity of the KTP can use the ID card chip scanner provided by Dukcapil. The goal is to be able to immediately check the validity of the KTP used when the perpetrator of the crime opens a fraudulent account.

"The related and authorized agencies should be able to limit the growth of fraudulent accounts used to accommodate the proceeds of crime. The trick is with the ID card chip scanner provided by Dukcapil so that the bank can identify fake ID cards used to open fake accounts," said Alfons.

Alfons said that currently Vaksincom has summarized four categories of cyber crimes that have occurred in Indonesia. The four categories include crime-type statistics, what social media is most often used, the names of cities that are often exposed to fraud and which banks are often used to accommodate the proceeds of these frauds.

In the crime category, Vaksincom reports that victims of freelance work fraud are in the highest ranking. It has reached thousands of people with losses reaching hundreds of billions of rupiah and this case should get serious attention from law enforcement and related parties such as Kominfo and OJK. Subsequent rankings on online gambling amounted to 9,618 or 7.13 percent of the total report.

For the social media category, Vaksincom reports that WhatsApp is ranked the highest in helping perpetrators commit crimes in 2023. The competition from WhatsApp, which is often used by cybercriminals, is none other than Telegram. The two social media were used by the perpetrators to send messages with OTP.

The name of the city that is ranked first most often by fraud is Tangerang. Tangerang received a report of 1,472 or 12.41 percent. Vaksincom also reported that several bank names that were strongly suspected of being indicated as custodians for the fraud. The Vaccicom report related to the bank indicated was taken from the Cekrekening.id site.

CekRekening.id is an Official Site from the Ministry of Communication and Information of the Republic of Indonesia which functions as a portal to collect bank account databases allegedly indicated criminal acts.

Collection can be done by anyone who wants to participate and helps fellow users of electronic transactions to create a healthy, safe and comfortable e-commerce environment. The account reported is the account related to the crime as follows:

Fraud of Fake Investments of Narcotics and Illegal Drugs of Other Crimes Terrorism Reporting comes from the public, associations, Law Enforcement Officials, and Banks.

Reporting is done online and offline. Online reporting is done through an application or website. Offline reporting by coming directly to the Ministry of Communication and Information, accompanied by bringing a copy of evidence of alleged criminal acts.

Heavy Sanctions For Cyber Crime Perpetrators

Information and Digital Forensic Technology Expert from Semarang, Solichul Huda explained, the trick of fraud through an invitation on WhatsApp was referred to as an influencer or infiltration trick, including through PDF-formed files.

Usually, intruders can control the victim's device within minutes and they only retrieve data that can provide advantages quickly such as m-banking and other important identity data.

According to him, the infiltration trick is usually combined with social engineering techniques, namely manipulation techniques using situations where people in certain conditions such as sending messages at night. "Often they target victims by taking advantage of tired hours," he said, Monday, December 4.

Huda appealed to the public when receiving suspicious invitations even though friends who are known as much as possible verify via telephone and avoid via WhatsApp chat. If you are invited to open the invitation, it is better if the device is turned off immediately.

Other preventive measures, he continued, device owners should perform double password settings in each application so that later there will be a warning or confirmation when a new application is about to be installed. Likewise in the WhatsApp messaging application by securing two steps of verification.

Apart from phishing, the mode of sniffing fraud is one of the new methods in Indonesia. Through sniffing, the perpetrator disguised himself as a package courier and then sent an application file with an APK extension. The victim is asked to open a file sent to a WhatsApp short message under the pretext of being a resi or proof of package delivery. If clicked, then the APK can steal data and drain the victim's account.

Quoted from the official website of the Financial Services Authority (OJK), sniffing is an activity of tapping data packages that is past on the internet network. happened to be an attack practice carried out by capturing data packages sent using special devices with APK file type. Worse, the malicious program will be inserted into the data package to retrieve all the victim's data.

In this context, sniffing works in the data segment on the transport layer through a malicious program that has been inserted. The program allows sniffing (sniffers) to read all the data on the victim's device. The data that is most often targeted for sniffing includes personal data, e-commerce applications, and banking applications.

Deputy Director of the Directorate of Cyber Crime (Tipidsiber) Bareskrim Polri Kombes Pol Dani Kustoni reminded all Indonesians not to carelessly click messages from social media such as WhatsApp or Telegram, especially with unknown sender numbers. This can be a phishing link or malware.

"If you haven't clicked, you should immediately do several steps such as removing the application, blocking chat senders and immediately contact the bank concerned to check the balance in the account," said Dani at the Police Criminal Investigation Building.

Dani added that every community is advised to initiate applications from reliable sources and update antivirals regularly. "In addition, always install applications from trusted sources and install antivirals that can be updated regularly," said Dani.

Dani explained that the perpetrators of cyber crimes will be dealt with firmly and subject to Articles from the ITE Law, the Money Transfer Law, the TPPU Law and the Criminal Code. For the maker or developer of the APK, it is suspected of violating Article 46 paragraph (1), (2), (3) Jo Article 30 paragraph (1), (2), (3) the ITE Law on Illegal Access and Article 48 paragraph (1) Jo Article 32 paragraph (1) of the ITE Law on the Modification of information and electronic documents and Article 50 Jo Article 34 paragraph (1) of the ITE Law on Distribution and Selling Illegal Software and Article 3, 5, 10 of the Money Laundering Law.

"Social engineering actors are subject to Article 45A paragraph (1) in conjunction with Article 28 paragraph (1) of the ITE Law on Online Fraud and Article 363 of the Criminal Code and Article 378 of the Criminal Code and Article 3, 5, 10 of the Money Laundering Law. And if there is a section for withdrawing money it will be subject to Article 82 and Article 85 of the Fund Transfer Law and Article 3, 5, 10 of the Money Laundering Law with the threat of ten years imprisonment," he said.


The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)