Horror! Just by Clicking a Link in a WhatsApp Message, BRI Customer Accounts Drained of Up to IDR 1.1 Billion


News is currently circulating widely about public unrest over a new mode of fraud that drains savings held at BRI.

The sums are not small: some BRI customers have had their savings drained of up to IDR 274 million, and even up to IDR 1.1 billion.

Their savings were depleted after they were contacted by someone claiming to be from the central BRI office.

The perpetrator offered to change the transfer fee from IDR 6500 per transaction to IDR 150 thousand per month.

Naturally, customers tend to choose to keep paying Rp 6500 per transaction.

The perpetrator then appeared to confirm that the customer had chosen the fee of IDR 6500 per transaction, and asked the customer to copy the link sent via WhatsApp message.

According to the Facebook user account Binsar Parhusip, the perpetrator kept directing him to fill in the form at the link, and praised him as a customer who makes transfers diligently and therefore has a chance to win prizes.

The victim then opened the link and filled in the requested data.

To the victim's shock, a few moments later a BRI SMS Banking transaction notification appeared.

He realized at once that he had been cheated and immediately contacted the BRI Call Center to block his account.

However, he complained that the Call Center officers responded slowly, all the more so because he had to block 4 accounts at once.

While the blocking request was being processed, transactions continued to occur until the account had been drained of Rp 274,756,500.

The victim has reported the case to BRI and to the police, and hopes that the money will be returned.

A victim's post describing a similar fraud mode was also seen on Stella Maris Mom's account.

The post included a video of mothers crying hysterically while, in front of them, a man recounted the chronology of how they came to be deceived.

The amount is very large: savings of Rp 1,114,000,000 were drained, leaving only Rp 14 million that could be saved.

Not an Indonesian Number

Judging by the many comments from netizens, there are quite a number of victims of fraud using this transaction fee mode.

Yet if you look closely, the scammer's WhatsApp number does not start with the Indonesian country code (+62) but with a foreign country code, for example +1 (201) 366-2129 or +1 (501) 222-3770.

For information, +1 is the country code of the United States, and the code that follows is the state code.

For example, +1 (201) is a number from the state of New Jersey and +1 (501) is from Arkansas, USA.

However, it needs to be checked in more detail whether the number really originates there or is merely an application trick, which is indeed possible.

Alfons Tanujaya, a cybersecurity observer from Vaccines.com who was contacted by ScrairosftLexshinz (9/6), explained that the usual modus operandi of fraud perpetrators is to use social engineering to trick their victims.

The perpetrator poses as a bank customer service (CS) officer and asks for an OTP (One Time Password) code.

This OTP code is sent to the customer's cellphone number, and is a security measure that the bank's system provides automatically when the customer makes a transaction on the account.

If this OTP code is given to someone else, for any reason, the account can be hacked.

Criminals cannot actually break the OTP code directly; instead they take advantage of the customer's carelessness.

New modes are constantly being created so that customers hand over their OTP code without realizing that they are being deceived.

In fact, in many cases hypnosis is carried out through telephone conversations, so that customers give the OTP code without realizing it.

In this case, according to Alfons, the fraudster pretends to activate the free admin process the customer asked for, when in fact the process triggers an OTP code.

The OTP code may even be the approval for transferring mobile banking to another number.

"Once transferred to another number, it's over," explained Alfons.

Once mobile banking is moved to a different mobile number, practically all funds in the account can be accessed and drained.

Banks Must Be Strict

Judging from the chronology of how the customers' accounts were depleted, there are weak points that the bank can fix.

According to Alfons, banks should also provide additional security for the transfer of account numbers.

There should be physical verification for customers who want to change operator numbers.

Relying only on the OTP code, as the procedure has done so far, is not enough, because the financial risk is very high.

Without physical verification, the bank can be said to play a small role in 'facilitating' fraud like this, even though legally it is the customer's fault.

Technically, according to Alfons, this case is not due to a weakness in the mobile banking system, but to weaknesses in the bank's systems and procedures.

Even a token system, which is said to be more secure, can be breached if the fraudster can get the victim to enter the OTP code from the token into a certain site (phishing).

The victim is directed to a phishing site so that the victim enters the token code there.

The token code entered by the victim can then be used for transactions. "Even though it's technically difficult (to do), it can happen," said Alfons.

Another way, which is safer and which the bank should adopt, is to lock mobile banking to the IMEI, or to a kind of cookie, from the customer's registered mobile phone.

If the bank applies the IMEI lock, mobile banking cannot be used from another cellphone even when the correct PIN and password are entered.
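The device lock and the physical verification that Alfons recommends can be sketched on the server side as follows. This is an added example, not code from the article or from any bank; it assumes a random per-device secret (the "kind of cookie") rather than the IMEI itself, and the class, function and field names are hypothetical.

```python
import hashlib
import hmac
import secrets


def device_proof(device_key: bytes, challenge: bytes) -> bytes:
    """What the banking app on the phone computes for each login challenge."""
    return hmac.new(device_key, challenge, hashlib.sha256).digest()


class DeviceBoundAccount:
    """Hypothetical server-side record for one mobile-banking customer."""
    def __init__(self, pin: str):
        self._salt = secrets.token_bytes(16)
        self._pin_hash = self._hash_pin(pin)
        self._device_key = secrets.token_bytes(32)  # held by no phone until bind_device()

    def _hash_pin(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def bind_device(self, branch_verified: bool) -> bytes:
        """Issue a new device secret; an OTP alone never reaches this path."""
        if not branch_verified:
            raise PermissionError("device change requires in-person verification")
        self._device_key = secrets.token_bytes(32)  # replaces any earlier binding
        return self._device_key

    def login(self, pin: str, challenge: bytes, proof: bytes) -> bool:
        """Accept only the correct PIN presented from the bound device."""
        pin_ok = hmac.compare_digest(self._hash_pin(pin), self._pin_hash)
        device_ok = hmac.compare_digest(device_proof(self._device_key, challenge), proof)
        return pin_ok and device_ok


def demo() -> dict:
    account = DeviceBoundAccount(pin="493817")  # constructed sample PIN
    own_key = account.bind_device(branch_verified=True)
    other_key = secrets.token_bytes(32)  # a phone that was never enrolled
    challenge = secrets.token_bytes(16)
    try:
        account.bind_device(branch_verified=False)  # device change backed only by an OTP
        rebound = True
    except PermissionError:
        rebound = False
    return {
        "own_phone": account.login("493817", challenge, device_proof(own_key, challenge)),
        "other_phone_correct_pin": account.login("493817", challenge, device_proof(other_key, challenge)),
        "rebind_without_branch": rebound,
    }
```

With this check in place, a PIN and OTP obtained by phone or through a phishing page do not open the account from a second handset, and the binding itself cannot be moved without the in-person step.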
