Scams are becoming more common in the digital world, and one type you might encounter is social engineering, also known as ‘rekayasa sosial’ in Indonesian. This term basically refers to psychological manipulation.
By definition, social engineering is a tactic that scammers use to psychologically manipulate people into giving up confidential information or doing something the scammer wants.
Scammers have been using these techniques for a long time, like in the well-known case of “SMS mama minta pulsa”. Recently, they’ve taken it a step further with “account takeover” scams, where they hijack victims’ banking apps and access their accounts through the scammer’s device.
Now, scammers are coming up with more advanced social engineering techniques that allow them to steer victims into taking actions that benefit the scammer. Here are some of the common types of social engineering scams that you should be aware of.
Social Engineering Scam Techniques
There are four common social engineering techniques that scammers use, and they can happen anywhere, even online. Here are the details.
1. Baiting
This trick plays on people’s natural curiosity or excitement to get them to share important information. The “bait” usually consists of something that is offered for free or is exclusive. For example, a victim might be told they won a prize in a BCA prize draw.
2. Pretexting
In a pretexting attack, the scammer gathers information by telling a series of carefully crafted lies. The perpetrator often instils a sense of fear in the victim – such as claiming that their credit card is being used by someone else – and pretends to need sensitive information to perform an important task, like blocking the card.
This social engineering technique typically involves the scammer adopting a fake identity, such as claiming to be a representative from Halo BCA Customer Service, to build trust with the victim. The scammer usually needs to engage with the victim in a more proactive manner to appear convincing.
3. Scareware
Scareware is a kind of malicious software designed to frighten victims into taking certain actions. This may include visiting a fake website, downloading harmful software (malware), or causing the victim’s system to crash. As a result, the victim may rush to download fake security apps, which can compromise their personal information and lead to scams.
4. Phishing
Phishing is a technique where a scammer impersonates a trusted institution or individual to trick the victim into clicking on a link. This can lead to the victim exposing or providing their personal data unknowingly.
Here are some common methods used in phishing:
- Voice phishing (vishing): this is when scammers use automated calls to trick you into giving up personal info.
- SMS phishing (smishing): a text message that contains a link or prompts you to reach out to a fake email or phone number.
- Email phishing: an email that urges you to respond or follow up by clicking on a link, calling a phone number, or opening a malware attachment.
- Angler phishing: this tactic involves impersonating a trusted company’s customer service team on social media platforms.
- Search engine phishing: this method provides a link to a counterfeit website that appears at the top of search results.
- Link URL phishing: this type is delivered through emails, text messages, social media messages, and online advertisements.
- In-session phishing: this appears as fake login pop-ups while the user is browsing the web.
BCA receives a lot of reports of social engineering crimes
A significant portion of banking crime reports received by the industry, including BCA, involves social engineering. In these cases, criminals trick people into giving up their personal info such as card numbers, PINs, passwords, and OTP codes. This information is then used to access the victims’ accounts.
People often fall for these scams, sharing their personal details with the scammers, who then exploit them to drain funds from their accounts.
Safety Tips from BCA
Here are some tips to help you avoid falling victim to social engineering scams.
- Don’t trust easily. Always verify that the phone number or social media account you are contacting is from an official source. For example, use the official Halo BCA phone number, the official BCA WhatsApp number, and the official BCA social media accounts.
- Verify information. If you receive any information, confirm its accuracy directly with BCA. You can do this via phone or through official social media accounts.
- Avoid clicking on links carelessly. Be cautious, especially with links that lead to APK files, as they may contain malware that can compromise your device.
- Do not share personal information. Never disclose personal data such as your PIN, password, or OTP. Remember, the bank will never ask for this information from its customers.
If you encounter any suspicious activity, don’t hesitate to ask or confirm with BCA. You can contact BCA through the following official channels:
- Call Halo BCA at 1500888 (with no prefix)
- WhatsApp Bank BCA at 08111500998 (ensure the verified green badge)
- Visit BCA’s official social media accounts at www.bca.co.id/socialmedia
- Use the haloBCA app, which can be downloaded from official sources like Play Store or App Store.
Stay vigilant and protect yourself from social engineering scams by being cautious, especially when interacting with unknown individuals. #Awasmodus