#LawanTipuTipuOnline

Smishing or SMS phishing is the act of committing fraud through the medium of text messages by trying to influence the target to reveal their personal information or install malware on the device, which will then be misused for criminal acts.

Sample Case:
There is a message from a private number on behalf of the Bank OCBC: Congratulations, you won the lottery from OCBC with code 0123456 For more INFO click: https://ocbcnisp.blosgpot.com. Note: You are directed to click on the false link, with which they could hack all your personal data.

Source: (August 31^st, 2021, https://www.suara.com/news/2021/08/31/105807/cek-fakta-pertamina-beri-subsidi-rp-189-juta-via-sms-benarkah)

How to Avoid SMS Phishing:

• Beware of suspicious SMS claiming to be from a bank and asking you to disclose confidential data such as PIN/OTP. Contact the bank directly through their official number.
• Stay alert before clicking any link in the SMS.
• Be careful to not disclose personal data or data recorded at the bank to anyone, such as ATM/Debit Card/Credit Card numbers, PIN, access to Online Banking, and OTP connected to the app.
• Always type the URL directly in the browser to minimize the risk of fraud.
• Always read each SMS correctly and thoroughly from your cellular phone regarding the transactions you have made.
• Immediately contact the bank when there is a change in contact details such as phone number or email address, so you can still receive SMS or email notifications related to activities and transactions in online banking.
• Never send money to anyone you don't know.

Voice phishing (Vishing) is a form of telephone fraud, with the aim of provoking the victim's emotions to provide personal and sensitive information such as credit card number, password or other personal data that can be used to access the target's bank account. This fraud usually targets the elderly or people who are less tech-savvy. Be suspicious if you are lured by prizes or be pressured to provide personal data.

Sample Case:
The perpetrator contacts via telephone call, claiming to be a representative from a bank offering gifts or selling credit card products.
Perpetrator: Hello good afternoon, I am from OCBC Bank. Congratulations, you are the winner of a IDR 50 million prize! If you receive a PIN code via SMS, please state the PIN code, so we can help disburse the money into your account.
Victim: *stating the PIN code*
Perpetrator: Which account do you want the money to be sent? Can you help mention your personal data and account number to make it easier for us to disburse the money.
Victim: *states personal data and account number*
Note: When you provide personal data such as your OTP or account number, that’s the time when the perpetrator acts to access your account and steal money.

Source: (February 3^rd, 2022, https://selular.id/2022/02/luna-maya-kena-tipu-rp2-juta-telkomsel-himbau-pelanggan-rahasiakan-kode-otp/)

How to Avoid Voice Phishing:

• Do not trust easily if there are parties claiming to be from a bank
  Make sure first whether the caller is really from the bank or not. There's nothing wrong with hanging up the phone first and then calling back to make sure it's correct.
• Be careful if you are asked for personal data
  Such as ATM PIN, because the bank will never ask about it. Do not provide personal data for banking transactions to anyone, including bank officers.
• Don't panic
  When you become a potential victim of a vishing scam (voice phishing). Stay calm and think clearly so you will know what to do.

Email phishing is an act of fraud carried out via email, where the perpetrator sends suspicious messages or hacks your email account to get personal information. Email has become a must-have and used for various purposes including banking, therefore email is one of the main targets for hackers or criminals for stealing important data, including work and business matters.

Sample Case:
An email from ocbsnisp@yahoo.com asking you to register due to some incomplete data. The perpetrator also provides a suspicious link on the email for you to access.

Other methods used in fraud:

• Hacking an email account and monitoring the email
• Acting like a supplier or boss
• Sending scams asking for a certain amount of payment to a new bank account
• Fraudsters may create a new email address similar to an official business email address

Source: (August 31st, 2021, https://money.kompas.com/read/2021/08/31/100441226/waspada-email-palsu-berkedok-bank-bca-kenali-ciri-cirinya)

How to Avoid Email Scam:

• Be suspicious of any sudden changes in payment instructions or unusual requests from your boss, business partners, or creditors.
• Always check the authenticity of a request/change by contacting the other party using a previously known contact number, instead of using the information in the email.
• Use a strong password which is not easy to guess. Change passwords regularly and use Two-Factor Authentication (2FA).
• Check for viruses on your computer regularly.
• Install anti-virus, anti-spyware/malware, and firewall softwares on your computer, and make sure they are constantly updated.
• Avoid using pirated software/apps.
• Educate your employees regarding this type of fraud, especially for those responsible for making payments.
• Beware of social engineering via email.

Using social media is fun, but unconsciously you have shared information about your friends, family, and contacts that anyone can see. The information you provide may be used by fraudsters as part of a social engineering.

Sample Case:
Perpetrators sends a direct message on behalf of OCBC with a fake account and the bank logo on their profiles, asking for personal data such as User ID up to password with the excuse to update your personal data, or providing links that will lead to fake account phishing sites.

Source: (December 4^th 2021, https://www.liputan6.com/tekno/read/4742619/dapat-dm-instagram-dari-akun-tak-dikenal-hati-hati-phishing-internet-banking)

How to Avoid Social Media Scams:

• Limit the personal information you publish on social media, such as children's names, school names, pet names, etc.) The information you provide on your main profile could be the answer to the questions used to authenticate your personal data.
• Report suspicious activities or spams to the social media platform used to contact you. Spam can appear in the form of posts, messages, emails, or friend requests.
• Change your password and report suspicious activities if you think someone else has accessed your social media account.
• If you feel you are being targeted on any social media platform (Facebook, LinkedIn, Twitter, Snapchat dan Instagram), report to the platform immediately.
• If you found a fake account with your photo, take action and report it immediately.

List of OCBC official accounts:

• Facebook OCBC
• X @OCBC_Indonesia
• Instagram @peopleatocbcnisp
• @OCBC_Indonesia
• Tiktok @ocbc_Indonesia
• Private Banking OCBC
• Linkedin OCBC Indonesia
• WhatsApp Business Official OCBC : 0812-1500999
• WhatsApp Business Marketing Info Official OCBC (1-way) : 0811-10606222

Crimes committed by perpetrators through e-commerce, such as account theft or hacking and personal data theft. Watch out for suspicious activities from e-commerce. The more they are, the more likely it is to be a scam.

Case Sample:
Perpetrator pretends to sell goods online at low prices. When you agree to buy, an account number will be sent and you will be asked to transfer money right away. Then the perpetrator will immediately disappear, difficult to contact, block you, and take away your money.

Source: (January 7^th, 2022 ,https://mediakonsumen.com/2022/01/07/surat-pembaca/modus-penipuan-oleh-penjual-di-shopee-2 )

Common tricks:

• Offering the latest items at very low prices!
• Payment must be made in advance!
• Payment only via Bank Transfer!
• Cannot meet for COD (Cash on Delivery)!
• Providing guarantees in their attempt to gain trust.

How to Avoid E-Commerce Phishing

• Make transactions within the legitimate platform and only use secure payment options.
• Avoid pre-payment. If possible, make payment when the goods have been received.
• Check the credibility of the seller.

Nowadays, messaging apps have become the main tool of communication, and WhatsApp is currently the most popular messaging app, so it’s not a surprise that it is used by cybercriminals to share phishing links. WhatsApp Phishing is an act of fraud carried out through WhatsApp by sending messages and claiming to be from certain parties, such as on behalf of the Bank.

Sample Case:
Perpetrators usually send messages and ask you to approve or update personal data by attaching a link for you to fill out. When you receive an OTP message, the perpetrator will ask you to send it to them. Now the perpetrator can access PIN, Password and username that you usually use for transactions.

Source: (October 13th, 2021 ,https://www.cnbcindonesia.com/tech/20211013065545-37-283461/waspada-modus-penipuan-WhatsApp-tabungan-terkuras-rugi-parah)

How to Avoid WhatsApp Phishing:

• Check the number that sends you a suspicious message, whether the number is an official account from OCBC Bank.
• Pay attention to the style of language and message writing,if there are suspicious things such as typos, grammar errors, or malicious links.
• Set account to private to restrict who can see your profile.
• Ignore unknown numbers that send certain messages, if suspicious then block and report.

How to Identify OCBC Official Accounts:

• The name listed on the WhatsApp profile is Bank OCBC.
• There is a green tick logo and the words Official Business Account or Akun Bisnis Resmi (depending on the language settings on the cellular phone).
• In the detailed information, there is a profile picture of OCBC, office address, email address, OCBC website address.
• Official OCBC WhatsApp Business number is 0812-1500 999.

Device Scams are a form of computer fraud by hacking your database. Perpetrators commit data theft to software or data destruction. Perpetrators also use smartphones to track your identity, location, and information about your friends, family and contacts. These makes you and your device a prime target for hackers.

Sample Case:
The perpetrator sends a link via SMS containing an app update or notification that your smartphone has been contaminated by virus and gives a link to update or clean the virus. The link actually contains malware to hack your cellular phone and access your personal data.

Source: (January 29^th, 2022, https://www.thecable.ng/ncc-to-nigerians-avoid-clicking-links-sent-through-sms-malware-in-circulation)

How to Avoid Device Scams:

• Use additional password/security on phone.
• As a first step, protect your phone by using a 6-digit password/PIN or using a biometric (Fingerprint/Face ID). Avoid passwords that are easy to guess.
• Check all the apps on your phone and make sure they are safe & downloaded from the official store. Avoid downloading banking apps from the web or unofficial links.
• Avoid using jailbroken or rooted device.

A debit card is a transaction tool that can be used for payments by deducting funds from a bank account, as an option to cash. There are various types of Debit Card misuse as illegal means of payment, one of them is skimming. Perpetrators obtain and copy the customer’s data information contained in the Debit Card strip (on the back of the debit card, usually in black color). This action can occur when a customer uses an ATM service.

Tips to Avoid Debit Card Fraud:

• Chip Based Security
  Make sure your Debit Card is already equipped with the more secure chip technology. If you are still using the old type, exchange it to the nearest branch immediately.
• 6-Digit Debit PIN
  Make sure you use a 6-digit PIN every time you make a payment transaction with Debit Card.
• Change PIN Periodically.
  Avoid PIN number that can be easily guessed, such as your birthday or wedding date.
• Make sure your debit card is always under your supervision
  Store and take care of your Debit Card properly, don't let your Debit Card change hands carelessly.
• Report to the Publisher if Loss Occurs
  Report to your bank or issuer as soon as you notice your Debit Card is lost or stolen. Do it as soon as possible to prevent identity theft or loss of funds in the account.

Credit cards are vulnerable to being misused by criminals as illegal payment instruments. The crime mode is under the guise of submitting an Unsecured Loan online or using data-duplicating tools such as EDC machines used for credit card payments. For administrative reasons, certain agencies often require a photocopy of an ID card or other documents. For security reasons, never duplicate Credit Cards by photocopying because they can be misused for transactions.

Banks will never ask for a photocopy of a credit card as a required document.

Tips to Avoid Credit Card Fraud:

• Keep Personal Identities Confidential
  Do not provide any information related to Credit Cards to anyone, such as: biological mother's name, credit card validity period, card limit, and especially the three digits on the back of the card called CVV (Card Verification Value).
• Use PIN for Transactions
  Use a PIN with a combination of numbers that is easy to remember, but avoid using your personal, child or spouse's date of birth as a PIN number because they can be easily guessed.
• Enable Transaction Notifications
  Arrange the setting to receive SMS notifications automatically for every Credit Card transaction. If you get a notification even though you don't make a transaction, immediately report it to the card issuing bank.
• Make sure your credit card is always under your supervision
  Store and keep credit cards properly; don't let them change hands. Keep a close eye on every transaction made at restaurants, stores, and other places.
• Report to the Issuer in the event of a Loss
  Report to the bank when your credit card is lost or stolen. Do it as soon as possible to prevent identity theft or having to pay undue bills.

Online Debit Card is a transaction tool similar to a Credit Card or Debit Card, equipped with a card number, three CVV (Card Verification Value) numbers and an expiration date. Online Debit Cards are used to transact online in e-commerce or subscription entertainment service provider applications such as Netflix, Spotify, and so on. For OCBC customers, Online Debit Cards can be created & used through the ONe Mobile application.

Tips to avoid Online Debit Card fraud:

• Keep personal data confidential
  Do not provide information about personal data to anyone, such as User ID, Mobile Banking Password, cellular phone number, and others.
• Utilize the security features of your Online Debit Card
  Some Online Debit Cards have features to enhance security. Through ONe Mobile app, you can set transaction limits of Online Debit Cards, thereby reducing the risk of large amount transactions.
• Only do transactions at trusted e-commerce/sites
  Online Debit Card balance is connected to savings account, so transactions will be immediately deducted from the account balance. To ensure that your transactions are safe, make sure you only shop at trusted e-commerce, apps, or sites.
• Block immediately when there is a suspicious transaction
  If you receive a notification of a suspicious transaction, block your Online Debit Card immediately and report it to the Bank.

QR Pay on OCBC mobile is a non-cash payment feature at all merchants which implement the QRIS standard. Payment using QR Pay is very easy, but you still need to pay attention to payment security to avoid unwanted things.

For more secure QR Transactions:

• Protect your OCBC mobile User ID and Password
  When using QR pay in public areas, make sure you protect your OCBC mobile password information from those around you. For safer option, you can activate Fingerprint/Face ID to log in to OCBC mobile.
• Check carefully before making payment
  Doing transactions using QR are easy & fast, but it's always a good idea to check more carefully before approving the transaction.
• Be careful of the QR code scanned
  It is difficult to distinguish the legitimate QR code from the fake ones. So, it's better to be more cautious when scanning a QR code that automatically links to a certain website, because it might have been set up to exploit personal data or contain viruses.

Poinseru is a program as well as a loyalty platform which gives rewards in the form of points for every transaction made by OCBC customers. Be cautious when logging into Poinseru with your internet banking/mobile banking User ID and password, because they can also be used to access your savings account.

Tips for secure transactions with Poinseru:

• Do not share your Internet Banking/Mobile Banking User ID or password to other people including bank officers
• Do not record Internet Banking/Mobile Banking User ID or password on any media
• Always log out and clear cache after redeeming points
• Easily change passwords via OCBC mobile for better security

You can redeem your Poinseru for prizes in the form of vouchers and goods. To maintain security when redeeming Poinseru, you need to verify (authenticate) with Transaction PIN on OCBC mobile, then enter the response code displayed on OCBC mobile to the Poinseru website page.

Safety tips when redeeming Poinseru:

• Do not share your OCBC mobile PIN transaction code with other people including Bank officers
• Do not record your OCBC mobile PIN Transaction in any media
• Create or change your PIN Transaction easily via OCBC mobile for better security