#LawanTipuTipuOnline

Digital Security - What is Cyber Crime

  • What is Cyber Crime
  • Identifying Types of Phishing
  • Tips for Safe Transactions

WHAT IS CYBER CRIME?

The rapid development of technology produces various innovations that people rely on for their daily activities. However, as technology continues to develop, security issues also arise, known as cybercrime.

Cybercrime is a crime that takes advantage of technology and the internet, with the intention of stealing or hacking someone’s personal information. Several things are vulnerable to hackers, such as cellular phones, SIM cards, e-mail accounts, and social media platforms. These cyber crooks can intercept our inbox, take control of our calls, and steal our personal information to commit money theft.

#LawanTipu2Online

Comprehensive Guide to Digital Banking Security

    SIM Swap

    SMS Phishing

    Voice Phishing

    Email Phishing

    Social Media Scams

    e-Commerce Phishing

    WhatsApp Phishing

    Device Scams

SIM Swap Fraud is the act of duplicating someone’s SIM card onto a new one in order to obtain essential information about the victim, mainly banking data, which leads to fraud and theft. The stolen SIM card is taken over and claimed by the perpetrator, and no longer belongs to the victim.

Sample Case:
Perpetrators obtain personal data through phishing, browsing social media, or making calls to victims. Then they trick the operator into duplicating the victim's cellular phone number onto a new SIM card. The operator issues a new SIM card, which the perpetrators misuse to access the victim's calls, messages, or even online banking account. When the perpetrator already has the personal data and is ready to make a transaction, the One Time Password (OTP) will also be sent to the new SIM card.

Source: (January 14th, 2022, https://taarifa.rw/sim-swap-a-modern-form-of-fraud/)

How to Avoid SIM Swap:

  • Be alert if a call/SMS asks you to temporarily turn off your cellular phone, type a special code on your cellular phone, or provide your personal data.
  • Contact your cellular operator immediately if your phone communication service suddenly stops working, such as being unable to make/receive calls or SMS.
  • Do not publish your mobile number on social media, or use a different number for banking activities.
  • Protect your personal banking data, such as User ID, password, PIN, OTP, and other information.
  • Always monitor your financial transactions through your ONe Mobile OCBC NISP account.

Smishing or SMS phishing is the act of committing fraud through the medium of text messages by trying to influence the target to reveal their personal information or install malware on the device, which will then be misused for criminal acts.

Sample Case:
A message arrives from a private number claiming to be from Bank OCBC NISP: "Congratulations, you won the lottery from OCBC NISP with code 0123456 For more INFO click: https://ocbcnisp.blosgpot.com."
Note: The message directs you to click a false link, through which the perpetrators could hack all your personal data.

Source: (August 31st, 2021, https://www.suara.com/news/2021/08/31/105807/cek-fakta-pertamina-beri-subsidi-rp-189-juta-via-sms-benarkah)

How to Avoid SMS Phishing:

  • Beware of suspicious SMS claiming to be from a bank and asking you to disclose confidential data such as PIN/OTP. Contact the bank directly through their official number.
  • Stay alert before clicking any link in the SMS.
  • Be careful to not disclose personal data or data recorded at the bank to anyone, such as ATM/Debit Card/Credit Card numbers, PIN, access to Online Banking, and OTP connected to the app.
  • Always type the URL directly in the browser to minimize the risk of fraud.
  • Always read each SMS correctly and thoroughly from your cellular phone regarding the transactions you have made.
  • Immediately contact the bank when there is a change in contact details such as phone number or email address, so you can still receive SMS or email notifications related to activities and transactions in online banking.
  • Never send money to anyone you don't know.

Voice phishing (vishing) is a form of telephone fraud that aims to provoke the victim's emotions into providing personal and sensitive information, such as a credit card number, password or other personal data that can be used to access the target's bank account. This fraud usually targets the elderly or people who are less tech-savvy. Be suspicious if you are lured by prizes or pressured to provide personal data.

Sample Case:
The perpetrator contacts via telephone call, claiming to be a representative from a bank offering gifts or selling credit card products.
Perpetrator: Hello, good afternoon, I am from OCBC NISP Bank. Congratulations, you are the winner of an IDR 50 million prize! If you receive a PIN code via SMS, please state the PIN code, so we can help disburse the money into your account.
Victim: *states the PIN code*
Perpetrator: Which account do you want the money to be sent to? Can you tell us your personal data and account number to make it easier for us to disburse the money?
Victim: *states personal data and account number*
Note: When you provide personal data such as your OTP or account number, that’s the time when the perpetrator acts to access your account and steal money.

Source: (February 3rd, 2022, https://selular.id/2022/02/luna-maya-kena-tipu-rp2-juta-telkomsel-himbau-pelanggan-rahasiakan-kode-otp/)

How to Avoid Voice Phishing:

  • Do not trust easily if there are parties claiming to be from a bank
    Make sure first whether the caller is really from the bank or not. There's nothing wrong with hanging up the phone first and then calling back to make sure it's correct.
  • Be careful if you are asked for personal data
    For example your ATM PIN, because the bank will never ask for it. Do not provide personal data for banking transactions to anyone, including bank officers.
  • Don't panic
    When you become a potential victim of a vishing (voice phishing) scam, stay calm and think clearly so you will know what to do.

Email phishing is an act of fraud carried out via email, where the perpetrator sends suspicious messages or hacks your email account to get personal information. Email has become a must-have and is used for various purposes including banking, so it is one of the main targets for hackers or criminals stealing important data, including work and business matters.

Sample Case:
An email from ocbsnisp@yahoo.com asks you to register due to some incomplete data. The perpetrator also provides a suspicious link in the email for you to access.

Other methods used in fraud:

  • Hacking an email account and monitoring the email
  • Acting like a supplier or boss
  • Sending scams asking for a certain amount of payment to a new bank account
  • Fraudsters may create a new email address similar to an official business email address

Source: (August 31st, 2021, https://money.kompas.com/read/2021/08/31/100441226/waspada-email-palsu-berkedok-bank-bca-kenali-ciri-cirinya)

How to Avoid Email Scam:

  • Be suspicious of any sudden changes in payment instructions or unusual requests from your boss, business partners, or creditors.
  • Always check the authenticity of a request/change by contacting the other party using a previously known contact number, instead of using the information in the email.
  • Use a strong password which is not easy to guess. Change passwords regularly and use Two-Factor Authentication (2FA).
  • Check for viruses on your computer regularly.
  • Install anti-virus, anti-spyware/malware, and firewall software on your computer, and make sure they are constantly updated.
  • Avoid using pirated software/apps.
  • Educate your employees regarding this type of fraud, especially for those responsible for making payments.
  • Beware of social engineering via email.
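
The two samples above (the SMS link https://ocbcnisp.blosgpot.com and the sender ocbsnisp@yahoo.com) both put the bank's name, or a one-letter misspelling of it, somewhere other than the bank's own domain. The following check for that pattern is an added example, not part of the original guide or any OCBC NISP tool; the official domain "ocbcnisp.example" is a placeholder assumption, because the guide does not list the bank's real domain, and all function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

BRAND = "ocbcnisp"                       # brand token as spelled in the guide's samples
OFFICIAL_DOMAINS = {"ocbcnisp.example"}  # placeholder assumption, NOT the bank's real domain


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-letter misspellings of BRAND."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def brand_like(text):
    """True if any dot/dash/underscore-separated token is BRAND or one edit away."""
    tokens = re.split(r"[^a-z0-9]+", text.lower())
    return any(t and edit_distance(t, BRAND) <= 1 for t in tokens)


def is_official(host):
    """Exact match or true subdomain of an official domain (suffix match on a dot)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def classify_host(host):
    if is_official(host):
        return "official"
    return "lookalike" if brand_like(host) else "other"


def classify_url(url):
    return classify_host(urlsplit(url).hostname or "")


def classify_sender(address):
    """Classify an email address by its domain, then by brand use in either part."""
    local, _, domain = address.rpartition("@")
    if is_official(domain):
        return "official"
    return "lookalike" if brand_like(local) or brand_like(domain) else "other"


def links_in(message):
    """Extract http(s) links and drop trailing sentence punctuation."""
    return [u.rstrip(".,;:!?)") for u in re.findall(r"https?://[^\s<>\"']+", message)]


# Sample SMS text taken from the smishing sample case in this guide.
SMS = ("Congratulations, you won the lottery from OCBC NISP with code 0123456 "
       "For more INFO click: https://ocbcnisp.blosgpot.com.")

if __name__ == "__main__":
    for url in links_in(SMS):
        print(url, "->", classify_url(url))
    print("ocbsnisp@yahoo.com ->", classify_sender("ocbsnisp@yahoo.com"))
```

A "lookalike" result means the bank's name is being used on a host or address the bank does not control, which is the cue to contact the bank through its official number instead of following the link.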

Using social media is fun, but without realizing it you have shared information about your friends, family, and contacts that anyone can see. The information you provide may be used by fraudsters as part of social engineering.

Sample Case:
Perpetrators send a direct message on behalf of OCBC NISP from a fake account with the bank logo on its profile, asking for personal data, from User ID to password, with the excuse of updating your personal data, or providing links that lead to fake account phishing sites.

Source: (December 4th, 2021, https://www.liputan6.com/tekno/read/4742619/dapat-dm-instagram-dari-akun-tak-dikenal-hati-hati-phishing-internet-banking)

How to Avoid Social Media Scams:

  • Limit the personal information you publish on social media (such as children's names, school names, pet names, etc.). The information you provide on your main profile could be the answer to the questions used to authenticate your personal data.
  • Report suspicious activities or spam to the social media platform used to contact you. Spam can appear in the form of posts, messages, emails, or friend requests.
  • Change your password and report suspicious activities if you think someone else has accessed your social media account.
  • If you feel you are being targeted on any social media platform (Facebook, LinkedIn, Twitter, Snapchat and Instagram), report to the platform immediately.
  • If you found a fake account with your photo, take action and report it immediately.

List of OCBC NISP official accounts:

e-Commerce phishing covers crimes committed by perpetrators through e-commerce, such as account theft or hacking and personal data theft. Watch out for suspicious activities in e-commerce. The more of them there are, the more likely it is to be a scam.

Sample Case:
The perpetrator pretends to sell goods online at low prices. When you agree to buy, an account number will be sent and you will be asked to transfer money right away. Then the perpetrator will immediately disappear, become difficult to contact, block you, and take away your money.

Source: (January 7th, 2022, https://mediakonsumen.com/2022/01/07/surat-pembaca/modus-penipuan-oleh-penjual-di-shopee-2)

Common tricks:

  • Offering the latest items at very low prices!
  • Payment must be made in advance!
  • Payment only via Bank Transfer!
  • Cannot meet for COD (Cash on Delivery)!
  • Providing guarantees in their attempt to gain trust.

How to Avoid E-Commerce Phishing:

  • Make transactions within the legitimate platform and only use secure payment options.
  • Avoid pre-payment. If possible, make payment when the goods have been received.
  • Check the credibility of the seller.

Nowadays, messaging apps have become the main tool of communication, and WhatsApp is currently the most popular messaging app, so it’s not a surprise that it is used by cybercriminals to share phishing links. WhatsApp Phishing is an act of fraud carried out through WhatsApp by sending messages and claiming to be from certain parties, such as on behalf of the Bank.

Sample Case:
Perpetrators usually send messages asking you to approve or update personal data, attaching a link for you to fill out. When you receive an OTP message, the perpetrator will ask you to send it to them. Now the perpetrator can access the PIN, password and username that you usually use for transactions.

Source: (October 13th, 2021, https://www.cnbcindonesia.com/tech/20211013065545-37-283461/waspada-modus-penipuan-WhatsApp-tabungan-terkuras-rugi-parah)

How to Avoid WhatsApp Phishing:

  • Check the number that sends you a suspicious message, and whether that number is an official account of OCBC NISP Bank.
  • Pay attention to the style of language and message writing, and look for suspicious things such as typos, grammar errors, or malicious links.
  • Set account to private to restrict who can see your profile.
  • Ignore unknown numbers that send certain messages, if suspicious then block and report.

How to Identify OCBC NISP Official Accounts:

  • The name listed on the WhatsApp profile is Bank OCBC NISP.
  • There is a green tick logo and the words Official Business Account or Akun Bisnis Resmi (depending on the language settings on the cellular phone).
  • In the detailed information, there is a profile picture of OCBC NISP, office address, email address, OCBC NISP website address.
  • Official OCBC NISP WhatsApp Business number is 0812-1500 999.

Device Scams are a form of computer fraud carried out by hacking your database. Perpetrators commit anything from data theft to software or data destruction. Perpetrators also use smartphones to track your identity, location, and information about your friends, family and contacts. This makes you and your device a prime target for hackers.

Sample Case:
The perpetrator sends a link via SMS presented as an app update, or a notification that your smartphone has been infected by a virus together with a link to update or clean it. The link actually contains malware to hack your cellular phone and access your personal data.

Source: (January 29th, 2022, https://www.thecable.ng/ncc-to-nigerians-avoid-clicking-links-sent-through-sms-malware-in-circulation)

How to Avoid Device Scams:

  • Use additional password/security on phone.
  • As a first step, protect your phone by using a 6-digit password/PIN or using a biometric (Fingerprint/Face ID). Avoid passwords that are easy to guess.
  • Check all the apps on your phone and make sure they are safe & downloaded from the official store. Avoid downloading banking apps from the web or unofficial links.
  • Avoid using a jailbroken or rooted device.

    ONe Mobile

    Debit Card

    Credit Cards

    Online Debit Card

    ONe Mobile QR Pay

    Poinseru

ONe Mobile, a mobile banking app by OCBC NISP, is a one-stop digital solution for all your banking needs. It is important to ensure that all transactions on ONe Mobile are smooth and secure. Increasingly sophisticated technology nowadays is also causing an increase in cybercrime. One of the targets is mobile banking accounts, with the aim of draining the customer's money in it.

ONe Mobile implements Two-Factor Authentication (2FA) or two-step verification to maintain transaction security:

  • Password
    To log in to online banking (ONe Mobile or Internet Banking). As an alternative to Password, customers can also activate Fingerprint/Face ID to log in to ONe Mobile.
  • Transaction PIN
    To authorize transactions. If you forget your Transaction PIN, it can be reactivated (as long as it is not blocked) through the Settings menu.

Always keep your Password and Transaction PIN confidential to avoid any misuse by third parties.

Keeping Your ONe Mobile Secure:
  • Do not share your ONe Mobile Password or Transaction PIN with anyone including the Bank
  • Activate your banking account’s authentication service
  • Always update the ONe Mobile app
  • Do not jailbreak your smartphone, because this illegal act will make your data vulnerable to hackers.

A debit card is a transaction tool that can be used for payments by deducting funds from a bank account, as an alternative to cash. There are various ways a Debit Card can be misused as an illegal means of payment, one of which is skimming. Perpetrators obtain and copy the customer’s data contained in the Debit Card strip (on the back of the debit card, usually black). This can occur when a customer uses an ATM service.

Tips to Avoid Debit Card Fraud:
  • Chip Based Security
    Make sure your Debit Card is already equipped with the more secure chip technology. If you are still using the old type, exchange it at the nearest branch immediately.
  • 6-Digit Debit PIN
    Make sure you use a 6-digit PIN every time you make a payment transaction with Debit Card.
  • Change PIN Periodically
    Avoid PINs that can be easily guessed, such as your birthday or wedding date.
  • Make sure your debit card is always under your supervision
    Store and take care of your Debit Card properly, don't let your Debit Card change hands carelessly.
  • Report to the Issuer if Loss Occurs
    Report to your bank or issuer as soon as you notice your Debit Card is lost or stolen. Do it as soon as possible to prevent identity theft or loss of funds in the account.

Credit cards are vulnerable to being misused by criminals as illegal payment instruments. The crime is committed under the guise of submitting an Unsecured Loan application online or by using data-duplicating tools such as EDC machines used for credit card payments. For administrative reasons, certain agencies often require a photocopy of an ID card or other documents. For security reasons, never duplicate Credit Cards by photocopying because the copies can be misused for transactions.

Banks will never ask for a photocopy of a credit card as a required document.

Tips to Avoid Credit Card Fraud:
  • Keep Personal Identities Confidential
    Do not provide any information related to Credit Cards to anyone, such as: biological mother's name, credit card validity period, card limit, and especially the three digits on the back of the card called CVV (Card Verification Value).
  • Use PIN for Transactions
    Use a PIN with a combination of numbers that is easy to remember, but avoid using your own, your child's or your spouse's date of birth as a PIN because it can be easily guessed.
  • Enable Transaction Notifications
    Arrange the setting to receive SMS notifications automatically for every Credit Card transaction. If you get a notification even though you don't make a transaction, immediately report it to the card issuing bank.
  • Make sure your credit card is always under your supervision
    Store and keep credit cards properly; don't let them change hands. Keep a close eye on every transaction made at restaurants, stores, and other places.
  • Report to the Issuer in the event of a Loss
    Report to the bank when your credit card is lost or stolen. Do it as soon as possible to prevent identity theft or having to pay undue bills.

Online Debit Card is a transaction tool similar to a Credit Card or Debit Card, equipped with a card number, a three-digit CVV (Card Verification Value) and an expiration date. Online Debit Cards are used to transact online in e-commerce or subscription entertainment service provider applications such as Netflix, Spotify, and so on. For OCBC NISP customers, Online Debit Cards can be created & used through the ONe Mobile application.

Tips to avoid Online Debit Card fraud:
  • Keep personal data confidential
    Do not provide information about personal data to anyone, such as User ID, Mobile Banking Password, cellular phone number, and others.
  • Utilize the security features of your Online Debit Card
    Some Online Debit Cards have features to enhance security. Through ONe Mobile app, you can set transaction limits of Online Debit Cards, thereby reducing the risk of large amount transactions.
  • Only do transactions at trusted e-commerce/sites
    Online Debit Card balance is connected to savings account, so transactions will be immediately deducted from the account balance. To ensure that your transactions are safe, make sure you only shop at trusted e-commerce, apps, or sites.
  • Block immediately when there is a suspicious transaction
    If you receive a notification of a suspicious transaction, block your Online Debit Card immediately and report it to the Bank.

QR Pay on ONe Mobile is a non-cash payment feature at all merchants which implement the QRIS standard. Payment using QR Pay is very easy, but you still need to pay attention to payment security to avoid unwanted things.

For more secure QR Transactions:
  • Protect your ONe Mobile User ID and Password
    When using QR Pay in public areas, make sure you protect your ONe Mobile password information from those around you. For a safer option, you can activate Fingerprint/Face ID to log in to ONe Mobile.
  • Check carefully before making payment
    Doing transactions using QR is easy & fast, but it's always a good idea to check more carefully before approving the transaction.
  • Be careful of the QR code scanned
    It is difficult to distinguish the legitimate QR code from the fake ones. So, it's better to be more cautious when scanning a QR code that automatically links to a certain website, because it might have been set up to exploit personal data or contain viruses.

Poinseru is a program as well as a loyalty platform which gives rewards in the form of points for every transaction made by OCBC NISP customers. Be cautious when logging into Poinseru with your internet banking/mobile banking User ID and password, because they can also be used to access your savings account.

Tips for secure transactions with Poinseru:
  • Do not share your Internet Banking/Mobile Banking User ID or password with other people including bank officers
  • Do not record Internet Banking/Mobile Banking User ID or password on any media
  • Always log out and clear cache after redeeming points
  • Easily change passwords via ONe Mobile for better security

You can redeem your Poinseru for prizes in the form of vouchers and goods. To maintain security when redeeming Poinseru, you need to verify (authenticate) with Transaction PIN on ONe Mobile, then enter the response code displayed on ONe Mobile to the Poinseru website page.

Safety tips when redeeming Poinseru:
  • Do not share your ONe Mobile Transaction PIN with other people including Bank officers
  • Do not record your ONe Mobile Transaction PIN on any media
  • Create or change your Transaction PIN easily via ONe Mobile for better security
