Universitas Airlangga Official Website

ABOUT UNAIR
EDUCATION
RESEARCH
COMM. SERVICE

UNAIR lecturer comments on bank account fraud using WhatsApp

The mobile banking fraud mode under using invitations sent through WhatsApp. (Illustration: @txtfrombrand/Kompas.com Twitter account)

UNAIR NEWS – The banking fraud mode in WhatsApp becomes a cause célèbre among netizens. The fraudster would send a wedding invitation in file format, directing the receiver to install the file and get their personal information stolen.

Muhammad Noor Fakhruzzaman SKom MSc, Data Science Technology lecturer at the Faculty of Advanced Technology and Multidiscipline (FTMM) Universitas Airlangga shared his professional view. He believed that the mode has long been used. The fraud mode is known as social engineering in cybersecurity.

“Social engineering is a form of breaking the cybersecurity through social interaction, like taking advantage of the WhatsApp users’ ignorance about the application file. The process is quite similar to phishing or counterfeiting bank websites, etc.,” he said.

In such cases, the fraudster uses the convenience and habits of using WhatsApp and people’s lack of awareness of digital literacy. Therefore, many WhatsApp users think that the application file is not harmful. Some even think the file contains regular pictures that are safe to download.

Muhammad Noor Fakhruzzaman SKom MSc, Data Science Technology lecturer at the Faculty of Advanced Technology and Multidiscipline (FTMM) Universitas Airlangga. (Source: ftmm.unair.ac.id)

Application Contains Exploits

The application sent by the fraudster likely contained an exploit. The exploit is used to open the backdoor, super admin access, and root to the receiver’s phone.

Besides, the fraudster usually targets Android users, considering the system uses open-source applications and operating systems to create the exploit code.

“Actually, some newly released Android phones have provided prevention mechanisms. The users must allow external sources when installing applications. However, most Indonesians don’t really read the notices carefully, they skipped them,” Ruzza said.

“Androids are safe because the fake invitation application requires the user’s consent. But most of them don’t realize and carelessly install the application,” he added.

In the end, the lecturer called users to stay alert, especially in reading the phone’s notifications.

“We also have to improve the awareness of digital literacy. No matter how strong the cybersecurity is, it will still be inferior to social engineering gaps,” he said.

Author: Rafli Noer Khairam

Editor: Binti Q. Masruroh

Share This

Berita Terkini

UNAIR NEWS
Layanan Pengaduan (Chat Only)