School of Information Systems

Cybercrime and Parcel Courier Fraud

Cybercrime refers to illegal activities conducted by criminals who exploit computer technology and internet networks to compromise a victim’s information system. In Indonesia, the Badan Siber dan Sandi Negara (BSSN) reported that over 700 million cyberattacks occurred in 2022. Alarmingly, many of these cybercrimes are committed by Indonesians themselves. Here are several types of cybercrimes:

1) Identity Theft: Identity theft involves criminals using someone else’s personal information, including names, phone numbers, and even ID cards, for financial gain. This can include obtaining loans, accessing bank accounts, or making insurance claims.

2) Carding: Carding is a form of cybercrime where transactions are made using someone else’s credit card.

3) Online Fraud: Online fraud often involves trapping individuals through fake online loan applications. The stolen data may be used for money laundering, sold on the black market, or exploited for illegal online loans.

4) Phishing: Phishing is a cybercrime typically conducted via email or social media. Perpetrators send fake links or create bogus websites with the aim of stealing critical victim data, such as personal identity, passwords, PIN codes, and OTPs (one-time passwords) for financial accounts, including mobile banking, internet banking, pay-later services, digital wallets, and credit cards.

Phishing messages exhibit the following characteristics:

a. Request for Sensitive Data: Scammers use words or phrases to request sensitive information like passwords, PINs, OTPs, credit/debit card numbers, expiry dates, and CVV/CVC codes.

b. Fake Identity: Phishing perpetrators often pose as corporate entities or friends to gain the victim’s trust.

c. Fake Links or Files: Scammers send fake download links or files, luring victims with promises of discounts or news. Caution is advised when visiting unknown websites and downloading files.

d. The New Trending Parcel Courier Fraud

i. Sending APK Files via WhatsApp: In this scam, perpetrators pretend to be couriers and send victims an APK file with a package photo. Victims unknowingly download the file, resulting in the depletion of their m-Banking balance. The APK file is suspected to be a type of Remote Administration Tool (RAT) malware, allowing the perpetrator to control the victim’s device covertly.

ii. OTP Theft Fraud: This scam aims to steal One-Time Passwords (OTPs) sent via SMS. Victims are prompted to click on a file, which installs an application resembling a shipping service. This application is often an SMS forwarder or SMS-to-Telegram tool, designed to intercept OTPs. Even if victims claim not to have run or opened the application, it may have been installed unknowingly, granting access to their OTPs.

To safeguard against similar fraud:

• Avoid installing apps from sources outside the official app stores.

• Deny unknown apps permission to read or send SMS, and monitor app permissions.

• If you encounter an SMS-stealing application, delete it immediately and reset m-Banking.
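
One way to carry out the permission check from the list above, as an added example that is not part of the original article: a Python script that reads text saved from `adb shell pm list packages -3 -i` and `adb shell dumpsys package <name>` and flags apps installed from outside the official store that hold SMS permissions. The package names and sample output are constructed, and the trusted-installer set is an assumption to adjust per device.

```python
import re

# Assumed inputs: text saved from `adb shell pm list packages -3 -i` and
# `adb shell dumpsys package <name>`. All sample data below is constructed.
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
             "android.permission.SEND_SMS"}
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; add other official stores

SAMPLE_PKG_LIST = """\
package:com.example.bank  installer=com.android.vending
package:com.example.courier.tracking  installer=null
package:com.example.notes  installer=com.google.android.packageinstaller
"""
SAMPLE_DUMPSYS = {
    "com.example.bank": "runtime permissions:\n"
        "  android.permission.RECEIVE_SMS: granted=true\n",
    "com.example.courier.tracking": "runtime permissions:\n"
        "  android.permission.RECEIVE_SMS: granted=true, flags=[ USER_SET ]\n"
        "  android.permission.READ_SMS: granted=true, flags=[ USER_SET ]\n"
        "  android.permission.CAMERA: granted=false\n",
    "com.example.notes": "runtime permissions:\n"
        "  android.permission.READ_SMS: granted=false\n",
}

def parse_package_list(text):
    """Map package name -> installer (None when no installer is recorded)."""
    result = {}
    for m in re.finditer(r"^package:(\S+)\s+installer=(\S+)", text, re.M):
        result[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return result

def granted_sms_permissions(dumpsys_text):
    """Return the SMS permissions marked granted=true in one dumpsys report."""
    granted = re.findall(r"^\s*(android\.permission\.\w+): granted=true",
                         dumpsys_text, re.M)
    return SMS_PERMS.intersection(granted)

def audit(pkg_list_text, dumpsys_by_pkg):
    """List apps from outside trusted stores that can read or send SMS."""
    findings = []
    for pkg, installer in sorted(parse_package_list(pkg_list_text).items()):
        perms = granted_sms_permissions(dumpsys_by_pkg.get(pkg, ""))
        if installer not in TRUSTED_INSTALLERS and perms:
            findings.append((pkg, installer, sorted(perms)))
    return findings

if __name__ == "__main__":
    for pkg, installer, perms in audit(SAMPLE_PKG_LIST, SAMPLE_DUMPSYS):
        print(f"REVIEW {pkg} (installer={installer}): {', '.join(perms)}")
```

A flagged entry is a candidate for review, not proof of malware: a legitimate sideloaded app can also hold SMS permissions.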

Three Ways to Stay Safe on the Internet

Remember these three key principles when navigating the online world:

a. Think Before Accepting Requests: Examine the profiles of individuals sending friend requests or messages to ensure their authenticity. Verify privacy settings to restrict access to personal information.

b. Think Before Sending: Exercise caution before sharing any information, particularly personal or sensitive data.

c. Think Before Sharing: Adjust social media privacy settings to control who can access your information. Be selective in sharing personal details, such as addresses, phone numbers, and bank information. Never share passwords with anyone.

Insecure privacy settings can expose your information to unauthorized individuals.

Erwin Halim, Marcel Vilanno