Social engineering has become a common crime mode through the internet. Social engineering is a crime strategy by manipulating the victim’s psychology and mind by voluntarily providing confidential data.
One example that has claim victims includes a scheme on behalf of the BPJS Kesehatan, and there are also many similar cases claiming to be from other institutions. Unknowingly, the victim gives access to the scammer to see all the data on his/her personal device. Not only that, the scammer can also access the mobile banking application and make transactions in it.
Knowing the ins and outs of how the scan works can certainly save you from falling victim to a similar scam. Find out the social engineering fraud on behalf of BPJS Kesehatan below.
Chronology of Social Engineering Fraud on Behalf of BPJS
Social engineering scammers will usually contact potential victims directly to carry out their actions. The following is the chronology of social engineering fraud on behalf of BPJS Kesehatan.
1. Contacting Victims by Pretending to Represent BPJS
Many different numbers are used by the scammers, such as 088902443xxx, 088902442xxx, etc. (personal phone number). These scammers introduce themselves as officers from BPJS Kesehatan (or from other institutions) delivering important information. They make the information so convincing that the victim trust the scammer.
2. Deactivating the Victim’s BPJS
The scammer informs that their BPJS Kesehatan has been deactivated by the head office due to indications of misuse of BPJS Kesehatan service facilities. One frequently used case is that the victim has taken illegal drugs at several hospitals using BPJS Kesehatan.
3. Suggesting to Report to the Authorities
The scammer also advised the victim to report to the police so that this case could be investigated thoroughly. The victim believes the narrative put forward by the scammer, who immediately connects the victim with the “police”, whom the scammer is actually in cahoots with.
4. Asking to Download the Team Viewers Application
The scammer asks the victim to download Team Viewers quick support application. This app can remotely access a device using another device, be it smartphones or laptops. Afterward, they are prompted for a verification ID code from the app to connect their phone to the scammer’s phone.
5. Asked to Access the BCA mobile/myBCA Application
This is where the victim is asked by the scammer to perform many steps on his/her smartphone. Then, they ask the victim to access and login to the BCA mobile/myBCA application to view previous transactions.
Unbeknownst to the victim, there were transactions completed and not done by the victim. This transaction drained almost the entire balance of the victim’s account.
Tips to Avoid the Social Engineering Fraud on Behalf of BPJS
Now that you know the chronology, it is time to start being careful with similar modus operandi. Here are steps to avoid fraud on behalf of BPJS or other parties with similar schemes.
- Do not panic and do not easily trust parties on behalf of BPJS, the Police or other agencies
- Never share personal data with anyone, including account numbers, PINs, and passwords either directly or through links that require data entry
- Do not give access to personal devices connected to your bank account
- Immediately report to the authorities if there are indications of fraud
- Immediately report to Halo BCA 1500888 or via the haloBCA app to have your case investigated
These are tips to avoid fraud on behalf of BPJS Kesehatan or other companies with similar crime modes. We sincerely hope that you are safe and avoid all types of fraud. Don’t forget to update information related to other crime modes at #AwasModus.