SMS scams, also known as smishing, have evolved. Scammers are now exploiting official channels such as bank phone numbers and other institutions to deceive victims. This form of phishing can be difficult to detect, so it's important to understand how these scams work and how to protect yourself.

How Does This Phishing Mode of Operation Work?

Smishing involves scammers sending SMS messages to steal personal data. These messages often appear to come from legitimate sources, such as banks, and include a link that directs victims to a fake website. This website then prompts users to enter sensitive information, such as usernames, passwords, credit card numbers, or OTP codes.

One method scammers use is setting up fake Base Transceiver Stations (BTS). According to an official statement from the Minister of Communication and Digital (Komdigi), fake BTS devices can emit signals as if they were BTS operators. In this way, perpetrators can send SMS messages en masse to cell phones in the vicinity without being detected by the operator's system.

This method often offers fake prizes or asks for people's data. There are strong indications of the use of illegal BTS devices from several locations, where radio signals were detected operating on frequencies belonging to one operator but not registered as official BTS. These findings confirm that fraudulent SMS messages are sent via illegal telecommunications infrastructure beyond the control of official operators.

Fake BTS can also intercept SMS one-time passwords (OTP) before the bank receives them, so perpetrators can fake messages as if they came from official banks. This attack is not only used to tap but also to carry out man-in-the-middle attacks, which allow fraudsters to edit messages and send them to victims.

Characteristics of SMS Scams to Watch Out For

• Messages from unknown numbers: Even if the message appears to be from an official bank number, always be wary of unexpected messages.
• Requests for personal information: Banks and other financial institutions will never ask for sensitive information such as PINs, passwords, or OTP codes via SMS.
• Suspicious links: Never click on suspicious links in SMS messages. Instead, manually type the bank's website address into your browser.
• Urgent language: Scammers often use urgent or threatening language to get you to act immediately.

The Importance of Prevention

• Never give personal information: Never give personal information such as PINs, passwords, or OTP codes to anyone over the phone, SMS, or email.
• Verify information: If you receive a suspicious message, contact the relevant institution through its official channels.
• Use two-factor authentication (2FA): Enable 2FA for an added layer of security on your online accounts.
• Update your mobile banking app: Make sure you only download and update apps from official sources.
• Beware of links: Do not click on suspicious links from unknown SMS messages.
• Report suspicious activity: Report suspicious messages or activity to your bank and the authorities.

Jasguard: Comprehensive Cyber Security Solutions from Jasnita

Jasnita is here to provide trusted cyber security solutions for companies in Indonesia with Jasguard. Jasguard is a comprehensive cyber security solution that focuses on:

• Network Security
• Cloud Security
• Endpoint Security
• Mobile Security
• IoT Security
• Application Security
• Zero Trust

Jasguard offers a variety of services to protect your business from cyber threats, including:

• Uncover Attack Surface Management: Identify and monitor potential security gaps in your system.
• Cyber Security Consulting & Advisory: Providing expert guidance to improve your security posture.
• Enhance Internal Team Awareness: Increase your internal team's awareness of cyber threats and best security practices.
• Extended Detection and Response: Detect and respond to threats quickly and effectively.

Jasguard's advantages include:

• Industry-Specific Threats: Focus on threats relevant to your industry.
• Localization & Bahasa Indonesia Support: Support in Indonesian for ease of use.
• MSME-Tailored Solutions: Solutions designed specifically for the needs of micro, small and medium enterprises (MSMEs).
• Proactive Threat Hunting & Intelligence: Proactively search for and analyze potential threats.
• Security Awareness Training with Cultural Nuance: Security awareness training tailored to local culture.

With Jasguard, your company can focus on business growth without worrying about cyber security threats. Vigilance and knowledge of fraud modus operandi are key to protecting yourself from smishing threats.