Digital Securities

#LawanTipuTipuOnline

Digital Security - Identifying Types of Phishing

SIM Swap Fraud is the act of duplicating someone’s SIM card onto a new one in order to obtain essential information about the victim, mainly banking data, which leads to fraud and theft. The stolen SIM card is taken over and claimed by the perpetrator and no longer belongs to the victim.

Sample Case:
Perpetrators obtain personal data through phishing, browsing social media, or making calls to victims. Then they trick operators into duplicating the victim's cellular phone number to a new SIM card. The operator issues a new SIM card, which the perpetrators misuse to access the victim's calls, messages, or even online banking account. When the perpetrator already has the personal data and is ready for a transaction, the One Time Password (OTP) will also be sent to the new SIM number.

Source: (January 14th, 2022, https://taarifa.rw/sim-swap-a-modern-form-of-fraud/)

How to Avoid SIM Swap:

  • Be alert if there is a call/SMS asking you to temporarily turn off your cellular phone, type a special code on your cellular phone, or provide your personal data.
  • Contact your cellular operator immediately if your phone communication service suddenly stops working, such as being unable to make/receive calls or SMS.
  • Do not publish your mobile number on social media, or use a different number for banking activities.
  • Protect your personal banking data, such as User ID, password, PIN, OTP, and other information.
  • Always monitor your financial transactions through your OCBC mobile account.

Smishing or SMS phishing is the act of committing fraud through the medium of text messages by trying to influence the target to reveal their personal information or install malware on the device, which will then be misused for criminal acts.

Sample Case:
There is a message from a private number on behalf of the Bank OCBC: "Congratulations, you won the lottery from OCBC with code 0123456 For more INFO click: https://ocbcnisp.blosgpot.com". Note: The message directs you to click on the false link, through which the perpetrators could hack all your personal data.

Source: (August 31st, 2021, https://www.suara.com/news/2021/08/31/105807/cek-fakta-pertamina-beri-subsidi-rp-189-juta-via-sms-benarkah)

How to Avoid SMS Phishing:

  • Beware of suspicious SMS claiming to be from a bank and asking you to disclose confidential data such as PIN/OTP. Contact the bank directly through their official number.
  • Stay alert before clicking any link in the SMS.
  • Be careful to not disclose personal data or data recorded at the bank to anyone, such as ATM/Debit Card/Credit Card numbers, PIN, access to Online Banking, and OTP connected to the app.
  • Always type the URL directly in the browser to minimize the risk of fraud.
  • Always read each SMS correctly and thoroughly from your cellular phone regarding the transactions you have made.
  • Immediately contact the bank when there is a change in contact details such as phone number or email address, so you can still receive SMS or email notifications related to activities and transactions in online banking.
  • Never send money to anyone you don't know.

Voice phishing (Vishing) is a form of telephone fraud that aims to provoke the victim's emotions into providing personal and sensitive information such as a credit card number, password or other personal data that can be used to access the target's bank account. This fraud usually targets the elderly or people who are less tech-savvy. Be suspicious if you are lured by prizes or pressured to provide personal data.

Sample Case:
The perpetrator contacts via telephone call, claiming to be a representative from a bank offering gifts or selling credit card products.
Perpetrator: Hello, good afternoon, I am from OCBC Bank. Congratulations, you are the winner of an IDR 50 million prize! If you receive a PIN code via SMS, please state the PIN code, so we can help disburse the money into your account.
Victim: *stating the PIN code*
Perpetrator: Which account do you want the money to be sent to? Can you help mention your personal data and account number to make it easier for us to disburse the money?
Victim: *states personal data and account number*
Note: When you provide personal data such as your OTP or account number, that’s the time when the perpetrator acts to access your account and steal money.

Source: (February 3rd, 2022, https://selular.id/2022/02/luna-maya-kena-tipu-rp2-juta-telkomsel-himbau-pelanggan-rahasiakan-kode-otp/)

How to Avoid Voice Phishing:

  • Do not trust easily if there are parties claiming to be from a bank
    Make sure first whether the caller is really from the bank or not. There's nothing wrong with hanging up the phone first and then calling back to make sure it's correct.
  • Be careful if you are asked for personal data
    Such as ATM PIN, because the bank will never ask about it. Do not provide personal data for banking transactions to anyone, including bank officers.
  • Don't panic
    If you become a potential victim of a vishing (voice phishing) scam, stay calm and think clearly so you will know what to do.

Email phishing is an act of fraud carried out via email, where the perpetrator sends suspicious messages or hacks your email account to get personal information. Email has become a must-have and is used for various purposes including banking. Email is therefore one of the main targets for hackers or criminals seeking to steal important data, including data on work and business matters.

Sample Case:
An email from ocbsnisp@yahoo.com asks you to register due to some incomplete data. The perpetrator also provides a suspicious link in the email for you to access.

Other methods used in fraud:

  • Hacking an email account and monitoring the email
  • Acting like a supplier or boss
  • Sending scams asking for a certain amount of payment to a new bank account
  • Fraudsters may create a new email address similar to an official business email address

Source: (August 31st, 2021, https://money.kompas.com/read/2021/08/31/100441226/waspada-email-palsu-berkedok-bank-bca-kenali-ciri-cirinya)

How to Avoid Email Scam:

  • Be suspicious of any sudden changes in payment instructions or unusual requests from your boss, business partners, or creditors.
  • Always check the authenticity of a request/change by contacting the other party using a previously known contact number, instead of using the information in the email.
  • Use a strong password which is not easy to guess. Change passwords regularly and use Two-Factor Authentication (2FA).
  • Check for viruses on your computer regularly.
  • Install anti-virus, anti-spyware/malware, and firewall software on your computer, and make sure they are constantly updated.
  • Avoid using pirated software/apps.
  • Educate your employees regarding this type of fraud, especially for those responsible for making payments.
  • Beware of social engineering via email.

Using social media is fun, but without realizing it you have shared information about your friends, family, and contacts that anyone can see. The information you provide may be used by fraudsters as part of social engineering.

Sample Case:
Perpetrators send a direct message on behalf of OCBC from a fake account with the bank logo on its profile, asking for personal data ranging from User ID to password with the excuse of updating your personal data, or providing links that lead to fake account phishing sites.

Source: (December 4th, 2021, https://www.liputan6.com/tekno/read/4742619/dapat-dm-instagram-dari-akun-tak-dikenal-hati-hati-phishing-internet-banking)

How to Avoid Social Media Scams:

  • Limit the personal information you publish on social media (such as children's names, school names, pet names, etc.). The information you provide on your main profile could be the answer to the questions used to authenticate your personal data.
  • Report suspicious activities or spam to the social media platform used to contact you. Spam can appear in the form of posts, messages, emails, or friend requests.
  • Change your password and report suspicious activities if you think someone else has accessed your social media account.
  • If you feel you are being targeted on any social media platform (Facebook, LinkedIn, Twitter, Snapchat and Instagram), report to the platform immediately.
  • If you find a fake account with your photo, take action and report it immediately.

List of OCBC official accounts:

E-commerce phishing covers crimes committed by perpetrators through e-commerce, such as account theft or hacking and personal data theft. Watch out for suspicious activities on e-commerce platforms. The more of them there are, the more likely it is to be a scam.

Sample Case:
The perpetrator pretends to sell goods online at low prices. When you agree to buy, an account number will be sent and you will be asked to transfer money right away. Then the perpetrator will immediately disappear, become difficult to contact, block you, and take away your money.

Source: (January 7th, 2022, https://mediakonsumen.com/2022/01/07/surat-pembaca/modus-penipuan-oleh-penjual-di-shopee-2)

Common tricks:

  • Offering the latest items at very low prices!
  • Payment must be made in advance!
  • Payment only via Bank Transfer!
  • Cannot meet for COD (Cash on Delivery)!
  • Providing guarantees in their attempt to gain trust.

How to Avoid E-Commerce Phishing:

  • Make transactions within the legitimate platform and only use secure payment options.
  • Avoid pre-payment. If possible, make payment when the goods have been received.
  • Check the credibility of the seller.

Nowadays, messaging apps have become the main tool of communication, and WhatsApp is currently the most popular messaging app, so it’s not a surprise that it is used by cybercriminals to share phishing links. WhatsApp Phishing is an act of fraud carried out through WhatsApp by sending messages and claiming to be from certain parties, such as on behalf of the Bank.

Sample Case:
Perpetrators usually send messages and ask you to approve or update personal data by attaching a link for you to fill out. When you receive an OTP message, the perpetrator will ask you to send it to them. Now the perpetrator can access PIN, Password and username that you usually use for transactions.

Source: (October 13th, 2021, https://www.cnbcindonesia.com/tech/20211013065545-37-283461/waspada-modus-penipuan-WhatsApp-tabungan-terkuras-rugi-parah)

How to Avoid WhatsApp Phishing:

  • Check whether the number that sends you a suspicious message is an official account from OCBC Bank.
  • Pay attention to the style of language and message writing, and look for suspicious things such as typos, grammar errors, or malicious links.
  • Set your account to private to restrict who can see your profile.
  • Ignore unknown numbers that send certain messages; if they are suspicious, block and report them.

How to Identify OCBC Official Accounts:

  • The name listed on the WhatsApp profile is Bank OCBC.
  • There is a green tick logo and the words Official Business Account or Akun Bisnis Resmi (depending on the language settings on the cellular phone).
  • In the detailed information, there is a profile picture of OCBC, office address, email address, OCBC website address.
  • Official OCBC WhatsApp Business number is 0812-1500 999.

Device Scams are a form of computer fraud carried out by hacking your database. Perpetrators commit theft of data from software or destruction of data. Perpetrators also use smartphones to track your identity, location, and information about your friends, family and contacts. This makes you and your device a prime target for hackers.

Sample Case:
The perpetrator sends an SMS about an app update, or a notification that your smartphone has been infected by a virus, with a link to update the app or clean the virus. The link actually contains malware to hack your cellular phone and access your personal data.

Source: (January 29th, 2022, https://www.thecable.ng/ncc-to-nigerians-avoid-clicking-links-sent-through-sms-malware-in-circulation)

How to Avoid Device Scams:

  • Use an additional password/security on your phone.
  • As a first step, protect your phone by using a 6-digit password/PIN or using a biometric (Fingerprint/Face ID). Avoid passwords that are easy to guess.
  • Check all the apps on your phone and make sure they are safe and downloaded from the official store. Avoid downloading banking apps from the web or unofficial links.
  • Avoid using a jailbroken or rooted device.
