Digital transactions has increased significantly during the Covid-19 pandemic due to changes in people’s behavior who switched to using digital services. However, behind all these increases, there are still lurking dangers, such as the practice of personal data theft.

In recent years, cases of data theft are still common in Indonesia. The losses suffered by victims are also not small if the stolen data is related to their accounts or financial services. Although there are many types and ways to steal someone’s data in this digital era, phishing and skimming techniques are the most common in Indonesia. The cause is inseparable from the unequal distribution of digital literacy in society.

What are Phishing and Skimming?

Phishing comes from the word fishing As the origin of the word, the practice of phishing is an attempt to obtain information on a person’s data by deceptive methods that lure victims to provide personal information voluntarily.

The information that becomes the target of phishing varies and depends on the goals of the perpetrators. Usually, the aims are individual information (name, age, address), account information (username and password), and financial information (credit card and account).

The victims of phishing also often provide their personal information voluntarily because the perpetrators are good at appearing as an authoritative and convincing party or institution. Be it by using a fake website or email that looks like the real thing. This simple method has succeeded in deceiving many people in Indonesia because of the unequal distribution of digital literacy.

Meanwhile, skimming is a crime with the mode of stealing the identity of customers who make transactions at ATMs by duplicating the information on the debit card and then draining the entire balance of the victim. Usually, skimmers use special tools that are not conspicuous and are attached to ATMs.

The case of skimming in Indonesia has been going on since 2009 and continues to result in many victims. It is happening because of easy access for perpetrators to commit skimming crimes on ATMs

Tips to Avoid Phishing and Skimming Practices

Digital crimes such as phishing and skimming are still common in Indonesia. Recognizing the characteristics of this crime is not an easy matter for ordinary people. Even so, it is not impossible to learn. The following are simple tips to avoid phishing and skimming practices:

Tips to avoid phishing practices

1. Get to Know the Types of Phishing

The first step to avoid phishing is to know the types of phishing that are most commonly encountered nowadays. Some of them are email phishing, web phishing, and text messaging phishing.

Email phishing: Phishing activity that attempts to trick potential victims by using email as the primary medium. Messages sent will look as if they are from the authorities or official institutions. The target can be massive, certain people (spear phishing), or specific people who have power in an organization, such as business owners, company officials, and managers (whaling).

Web phishing: Phishing activity that attempts to trick potential victims by creating a fake website. The appearance of the imitation website created by the perpetrator will also look like a copy of the official website. Potential victims can be provoked by this technique because, usually, the domain name of this fake website is similar to that of the official website.

Text message phishingAktivitas phishing yang berupaya mengelabui calon korban dengan mengirimkan pesan berbasis teks yang seolah-olah dikirimkan oleh pihak berwenang atau institusi resmi. Jika email phishing menggunakan media emailtext message phishing sering kali menggunakan aplikasi chat atau SMS sebagai media utama untuk menjangkau calon korban.

Text message phishing: Phishing activity attempting to trick potential victims by sending text-based messages as if sent by authorities or official institutions. If phishing emails use email media, phishing text messages often use chat applications or SMS as the primary medium to reach potential victims.

2. Always update information related to phishing

In this digital era, we are not always safe from online crime because criminals will continue to develop their techniques as technology advances. Therefore, we need to follow the latest news or information related to phishing, such as user data-leaking security incidents.

Find out in a simple way how the perpetrators carry out the personal data theft. Is it by using phishing emails or other techniques? The goal is to increase self-awareness of similar techniques.

3. Always check email thoroughly

In 2020, the National Cyber Security Operations Center detected around 2549 phishing email cases in Indonesia, with the highest increase in March-May 2020. Most of the sending activities happened during working hours, with a percentage reaching 55.53 percent.

Therefore, it is necessary to check and read carefully the emails we receive. Pay attention to the email address that sent the message, not just the name of the email sender. That way, we can detect earlier if the email is fake. We also need to be vigilant if the emails received are related to changes of account information, payments, or other significant matters.

4. Don’t just click the link

Actually, even though we have become the target of phishing, we do not necessarily become victims immediately. The reason is inseparable from one of the common characteristics of phishing which often embeds a link in the message sent.

These links will generally direct potential victims to visit a fake website that asks for personal information. In addition, links in phishing messages can also redirect potential victims to download malicious programs that aim to steal personal information. So, as long as we don’t click on links in phishing messages, we won’t be victims.


Tips to avoid skimming

1. Replacing ATM/Debit cards with a magnetic stripe to chip technology

Unlike phishing, which focuses more on using digital services such as email and websites, skimming is usually physical. The practice of skimming tries to steal the personal data of bank customers by duplicating the information contained on the magnetic stripe of the ATM/Debit card.

Therefore, the most effective way to avoid skimming is to replace the ATM/Debit card used. Switch from ATM/Debit cards with magnetic tape technology to ATM/Debit cards equipped with chips. This ATM/Debit card replacement is carried out in accordance with Bank Indonesia policy as stated in BI Circular Number 17/52/DKSP concerning the implementation of the National Standard for Chip Technology and the Use of a Six-Digit Online Personal Identification Number (PIN) for ATM Cards and/or Debit Cards issued in Indonesia.

2. Change the PIN code periodically

Ensuring the confidentiality of the PIN code is a customer’s main priority and obligation when transacting using a card. Not only when transacting at EDC machines but also when transacting at ATMs.

The most effective way to keep your PIN code secret is to change it regularly. That way, skimming actors may not necessarily be able to drain the balance in our account because the change in the PIN code has been done.

3. Transact at a trusted ATM

The practice of skimming usually uses a particular tool attached to ATMs. Generally, the target ATMs are ATMs located in quiet places. Therefore, if you want to avoid skimming practices, try to always transact at ATMs that are widely used by many people and trusted. For example, ATMs with the logo of state-owned banks located near bank buildings or in a minimarket.

Protecting Personal Data Requires Basic Knowledge

It is undeniable that skimming and phishing practices in this digital era are still prevalent in Indonesia. Unequal digital literacy in society is one of the potent factors for the proliferation of this digital crime. Whereas the growth of the digital economy in Indonesia is currently rising rapidly.

Identity thieves also often attack when we’re not vigilant, so it’s important not to underestimate the security of your data. Indeed, the authorities such as banks have a responsibility to protect the data of their users. However, it is not an excuse for users or customers to remain silent and feel safe with the protection that has been provided.

If we seek to protect our personal information and identity, this will make ourselves a more difficult target for data thieves. Even better, it is possible to stop them from continuing to steal our personal information and data.

When we are more diligent in monitoring balances, protecting devices and accounts by changing passwords regularly, recognizing phishing and other fraud characters, and keeping documents out of the wrong hands, we will be able to carry out our activities more calmly knowing that our personal information is more secure.