Scams rife on social media luring victims to divulge bank details.
ON the night of March 12, a Bogor resident who asked to be referred to as Regina lost 4.5 million rupiah (RM1,270) after giving her banking credentials to someone claiming to be a customer service representative from Bank Negara Indonesia (BNI).
The so-called representative contacted Regina after she tagged BNI’s official Twitter account, @BNI, on the social media platform to complain about a problem with her mobile banking account.
The person then directed Regina to a WhatsApp chat.
“Because I needed to resolve the issue fast and I was also not careful, I clicked the link they gave me and we chatted via WhatsApp,” she recalled, adding that she gave her 16-digit card number, as well as the three-digit card verification code and a one-time password (OTP) sent to her phone.
“I was reluctant to give them my OTP, but they convinced me that they were legitimate.
“The person even gave me their name and employee identification number,” Regina said.
After realising she had been scammed, she went to check with a teller the next day and found that the bank could not trace or return her missing funds.
“They told me that even if I reported the incident, there was no guarantee I could get my money back,” she said.
“I hope banks have a way to respond to or block these scammers so that people know which accounts are real.”
Regina is one of two million bank clients that cybercriminals have tried to lure into similar scams. The fraudsters impersonated at least seven large Indonesian financial institutions, according to a report by Group-IB, a global threat-hunting and cyber intelligence company.
The company found that as of early March, 1,600 Twitter accounts were impersonating the seven banks, 2.5 times more than the 600 fake Twitter accounts recorded in January.
“This scam campaign is consistent with a trend toward the use of multistage scams, which help fraudsters lure in their victims.
“They are successful because of the lack of comprehensive digital asset monitoring by financial institutions,” said Group-IB digital risk protection head for Asia Pacific Ilia Rozhnov.
He added that because of such attacks, banks risked losing their customers’ trust and that banks should carry out round-the-clock monitoring of the Internet to promptly detect any fraud attempts.