In Case of Account Burglary Using Wedding Invitation APK Click Mode, East Java Regional Police Hunt for Syndicate Mastermind
The East Java Regional Police Cyber Team continues to develop the case of one member of a hacker syndicate who drained the account of IDR 1.4 billion belonging to the mother of a vehicle accessories boss from Lawang, using the mode of sending a marriage invitation application (APK) via WhatsApp (WA).
Head of Sub-Directorate V Cyber Crime Ditreskrimsus Polda East Java, AKBP Henri Novere Santoso said that his party was hunting for the mastermind of the crime syndicate, with the initials AM. AM's profile has even been included in the people wanted list (DPO).
It is strongly suspected that AM is the mastermind and creator of the fake digital invitation application which is used to intercept important data for validating and verifying banking transactions via gadgets.
"There is one suspect who is on DPO, in the name of AM (currently being chased)," said AKBP Henri when contacted by SURYA.CO.ID, Saturday (21/10/2023).
Some time ago, a member of the syndicate was arrested. The suspect with the initials GHW (35) is a resident of Kotabatu, Ilir Timur Tiga, Palembang City.
GHW is known to work as a porter and guard at a market in Palembang City.
Based on the information gathered, Henri explained that the role of the suspect GHW was only to create an account number to accommodate the proceeds of crime from the victims who were deceived.
The GHW suspect has been part of the syndicate for five years. However, the suspect did not have hacking skills or IT programming language to create the application used to carry out fraudulent acts.
"The suspect has no ability to manipulate using the application. The evidence was confiscated by the perpetrator's ATM card, savings book and cellphone. How the syndicate works," explained Henri.
Regarding the profits obtained by the suspect, Henri revealed that the suspect GHW received a profit of IDR 500 thousand for one account number.
And it turns out, the syndicate that the suspect GHW joined, is strongly suspected of having cheated using this method, spreading fictitious applications to hundreds of people.
"(There is no evidence of money) The money has been used up by the suspect. We are still developing the other suspects and we are looking for their whereabouts. There are already hundreds of victims of the syndicate," he explained.
The suspect was arrested in one of his hiding places in the Palembang City area on Wednesday (26/7/2023).
Or two months later after reporting to the Malang Police on Wednesday (31/5/2023), and a month after reporting to the East Java Regional Police on Wednesday (5/7/2023).
Then, Wednesday (18/10/2023), the case file for the case was declared complete or P-21.
So, continued Henri, investigators from Unit I Subdit V Cyber Crime Ditreskrimsus East Java Regional Police transferred the suspect to the Malang Prosecutor's Office, as the 2nd stage of the process.
The suspect is subject to Article 30 paragraph (2) in conjunction with Article 46 paragraph (2) and/or Article 32 paragraph (1) in conjunction with Article 48 paragraph (1) and/or Article 35 in conjunction with Article 51 paragraph (1) of Law No. 19 of 2016 concerning amendments to the Law No. 11 of 2008 concerning Electronic Information and Transactions, and/or Participating in Criminal Actsas intended in Article 55 paragraph 1 of the Criminal Code.
"The threat of a 12 year sentence," concluded the former Head of Multimedia Sub-Directorate for Public Relations of the East Java Regional Police.
As previously reported, because of pressing the click button on the application link (APK) in the marriage invitation format, Silvia Yap (52), a vehicle accessories owner from Lawang, Malang Regency, lost her savings account worth IDR 1.4 billion.
The billions of savings that disappeared were deposited into the account number of a sub-branch office (KCP) of a state-owned bank in the Lawang area, Malang City.
When tracing the transaction process, the money can be lost. It turned out that his money was lost in several transactions via m-Banking.
The victim considered this strange. The reason is, while he was a customer of this bank, he had never activated or had an m-Banking account for his account number.
The chronology of the case of alleged criminal acts of Information and Illegal Electronic Transactions, access experienced by the victim, was conveyed by the victim's attorney, Hilmy F Ali.
It started when I received a WhatsApp (WA) message from an unknown number which sent an application software (APK).
The application is 5 MB in size, with the words 'Wedding Invitation' in bold font at 10.00 WIB, Wednesday (24/5/2023).
Then the victim pressed to click on the message, which turned out to appear an invitation image like an advertising brochure. Next, the victim blocks the number of the message sender.
Still on the same day, at 21.00 WIB, a notification (Notification) came in that there was an SMS or email explaining that there had been an attempt at illegal access activity that had entered the email.
Because of this, the victim then transferred data to another cellphone (cellphone) using Smartswitch. Then, change the email password.
On Wednesday (25/5/2023) at around 21.00 WIB, there was a notification from email informing us that there had been a transfer of funds from two BRI account numbers belonging to the victim, to three unknown account numbers.
Apart from that, there were also strange unknown transactions via m-Banking banking services, then several fund transfers to QRIS and some funds to credit to an unknown cellphone number.
In total, the number of transactions not carried out from the victim's account reached IDR 1.4 billion.
The client's money was drained through dozens of transactions from 22.00 WIB to 03.00 WIB, which the victim did not know about.
When the victim checks the total amount of his savings. It turns out, there was only around two million rupiah left.
"The money was released via BRImo, it was a transfer to another bank account. Then there was BRIVA. There was also a top up of credit worth 40 million. From 22.00 at night until 03.00 WIB, there were a total of dozens of transactions. "Yes, the next morning it was blocked but it had been drained, only IDR 2 million was left," said the victim's attorney, Hilmy F Ali in front of the East Java Regional Police Headquarters SPKT, Wednesday (5/6/2023).
Meanwhile, the BRI Malang Sutoyo Branch Office responded to the case.
Head of the BRI Malang Sutoyo Branch Office, Akhmad Fajar, said that BRI had carried out an investigation into the victim's complaint and BRI deeply regretted this incident.
He said that the problem experienced by the victim was a crime of online fraud or social engineering.
This results in the victim leaking private and confidential banking transaction data (OTP Code) to irresponsible parties, so that internet banking transactions can run successfully.
"BRI empathizes with this, however, the bank will only provide compensation for losses to customers if negligence is caused by the banking system," said Akhmad Fajar in a written statement received by SURYA.CO.ID on Thursday (6/7/2023).
BRI always urges customers to be more careful and not to download, install or access unofficial applications.
Customers are also advised to maintain the confidentiality of personal data and banking data to other people or parties on behalf of BRI.
This includes, continued Akhmad Fajar, providing information on personal data and banking data, such as account numbers, card numbers, PINs, users, passwords, OTP and so on via link channels or websites whose sources cannot be verified.
With the increasing variety of digital fraud modes, BRI also urges customers not to just install applications from unofficial and irresponsible sources.
"Data or information can be stolen by fraudsters, if people install applications from unofficial sources sent by irresponsible parties," he explained.
Akhmad Fajar continually appeals to the general public the same thing, that this social engineering fraud method can also occur in any bank.
BRI always maintains customer data confidentiality, and never contacts customers to ask for confidential data such as usernames, passwords, PINs or OTP codes and so on.
Apart from that, BRI only uses official channels, both websites and social media (verified) as communication media that can be accessed by the public at large via pages or accounts.
These include the following, Website: www.bri.co.id, Instagram: @bankbri_id, Twitter: @bankbri_id, @kontakbri, @promo_BRI. Then, Facebook: Bank BRI, Youtube: Bank BRI and Tiktok: @bankbri_id
"For further information, you can visit the nearest BRI office or contact BRI Contact 14017/1500017," he concluded.
Kasus Pembobolan Rekening Bermodus Klik APK Undangan Nikah, Polda Jatim Buru Sosok Otak Sindikat
Tim Siber Polda Jatim terus mengembangkan kasus satu anggota sindikat hacker penguras rekening Rp 1,4 miliar milik emak-emak juragan aksesori kendaraan asal Lawang, bermodus kirim aplikasi (Apk) undangan nikah via WhatsApp (WA).
Kasubdit V Cyber Crime Ditreskrimsus Polda Jatim, AKBP Henri Novere Santoso mengatakan, pihaknya sedang memburu sosok otak kejahatan sindikat tersebut, berinisial AM. Profil AM bahkan telah masuk dalam daftar pencarian orang (DPO).
Diduga kuat, sosok AM merupakan otak sekaligus pembuat aplikasi palsu undangan digital yang digunakan menyadap data penting untuk bahan validasi dan verifikasi transaksi perbankan via gadget.
"Ada satu tersangka yang sudah di DPO, atas nama AM (sedang dalam pengejaran)," ujar AKBP Henri saat dihubungi SURYA.CO.ID, Sabtu (21/10/2023).
Beberapa waktu lalu, seorang anggota sindikat tersebut berhasil ditangkap. Tersangka berinisial GHW (35) warga Kotabatu, Ilir Timur Tiga, Kota Palembang.
GHW diketahui bekerja sebagai kuli panggul sekaligus penjaga salah satu pasar di Kota Palembang.
Berdasarkan informasi yang dihimpun, Henri menerangkan, peran tersangka GHW hanya membuat nomor rekening untuk menampung uang hasil kejahatan dari para para korban yang tertipu.
Tersangka GHW telah tergabung dalam sindikat tersebut selama lima tahun. Namun, tersangka tidak memiliki kemampuan meretas atau bahasa pemrograman IT hingga membuat aplikasi yang digunakan melancarkan aksi penipuan.
"Tersangka tidak ada kemampuan memanipulasi menggunakan aplikasi. Barang bukti yang disita kartu ATM, buku tabungan dan handphone pelaku. Cara kerjanya sindikat," jelas Henri.
Mengenai keuntungan yang diperoleh tersangka, Henri mengungkapkan, tersangka GHW memperoleh keuntungan Rp 500 ribu untuk satu nomor rekening.
Dan ternyata, sindikat yang diikuti tersangka GHW, diduga kuat telah menipu menggunakan modus tersebut, menyebar aplikasi fiktif kepada ratusan orang.
"(Barang bukti uang tidak ada) Uang sudah habis digunakan tersangka. Tersangka yang lainnya masih kami kembangkan dan kami cari keberadaannya. Korban sindikat tersebut sudah ratusan orang," terangnya.
Tersangka ditangkap di salah satu tempat persembunyiannya kawasan Kota Palembang pada Rabu (26/7/2023).
Atau berselang dua bulan pascalapor ke Polres Malang pada Rabu (31/5/2023), dan sebulan pascalapor ke Polda Jatim pada Rabu (5/7/2023).
Kemudian, Rabu (18/10/2023), berkas perkara kasus tersebut telah dinyatakan lengkap atau P-21.
Sehingga, lanjut Henri, penyidik Unit I Subdit V Cyber Crime Ditreskrimsus Polda Jatim melimpah tersangka ke Kejari Malang, sebagai proses Tahap ke-2.
Tersangka dikenai Pasal 30 ayat (2) jo Pasal 46 ayat (2) dan atau Pasal 32 ayat (1) jo Pasal 48 ayat (1) dan atau Pasal 35 jo Pasal 51 ayat (1) UU No 19 Tahun 2016 tentang perubahan atas UU No 11 Tahun 2008 tentang Informasi dan Transaksi Elektronik, dan atau Turut serta melakukan Tindak Pidana sebagaimana dimaksud dalam Pasal 55 ayat 1 KUHP.
"Ancaman hukuman 12 tahun," pungkas mantan Kasubdit Multimedia Bidang Humas Polda Jatim itu.
Diberitakan sebelumnya, gegara menekan tombol klik pada tautan aplikasi (APK) berformat undang menikah, Silvia Yap (52) juragan aksesori kendaraan asal Lawang, Kabupaten Malang, kehilangan uang tabungan rekeningnya senilai Rp 1,4 miliar.
Miliaran uang tabungan yang raib tersebut, disimpan ke dalam nomor rekening sebuah kantor cabang pembantu (KCP) sebuah bank berpelat merah di kawasan Lawang, Kota Malang.
Saat menelusuri proses transaksi uangnya itu bisa hilang. Ternyata, uang miliknya hilang dalam beberapa kali transaksi melalui m-Banking.
Hal itu dianggap aneh oleh korban. Pasalnya, selama menjadi nasabah bank tersebut, ia belum pernah mengaktivasi atau pun memiliki akun m-Banking untuk nomor rekeningnya.
Kronologi kasus dugaan peristiwa tindak pidana Informasi dan Transaksi Elektronik llegal Akses yang dialami korban, disampaikan oleh kuasa hukum korban, Hilmy F Ali.
Bermula saat mendapatkan sebuah pesan WhatsApp (WA) dari nomor tak dikenal yang mengirimkan sebuah software aplikasi (APK).
Aplikasi tersebut berukuran 5 MB, dengan bertuliskan 'Undangan Pernikahan' dalam font tulisan bercetak tebal pada pukul 10.00 WIB, Rabu (24/5/2023).
Kemudian korban menekankan klik pada pesan tersebut, yang ternyata muncul gambar undangan seperti brosur iklan. Selanjutnya korban memblokir nomor pengirim pesan tersebut.
Masih di hari yang sama, pada pukul 21.00 WIB, terdapat pemberitahuan (Notifikasi) masuk bahwa terdapat SMS atau email yang menjelaskan adanya upaya aktivitas akses ilegal yang masuk ke emailnya.
Karena hal tersebut, kemudian korban memindahkan data ke handphone (Hape) yang lain menggunakan Smartswitch. Lalu, mengganti password email.
Pada Rabu (25/5/2023) sekitar pukul 21.00 WIB, terdapat notifikasi dari email yang memberitahukan bahwa terdapat transfer dana dari dua nomor rekening BRI milik korban, ke tiga nomor rekening tak dikenal.
Selain itu, ada juga transaksi aneh tak dikenal via m-Banking layanan perbankan, lalu beberapa transfer dana ke QRIS dan beberapa dana ke pulsa ke sebuah nomor ponsel tak dikenal.
Jika ditotal, jumlah transaksi yang tidak lakukan dari rekening korban mencapai angka sebesar Rp 1,4 miliar.
Terkurasnya uang kliennya itu, melalui belasan kali transaksi sejak pukul 22.00 WIB, hingga 03.00 WIB, yang tak diketahui oleh pihak korban.
Saat korban memeriksa jumlah total tabungannya. Ternyata, hanya bersisa sekitar dua juta rupiah.
"Keluarnya uang itu melalui BRImo, itu transfer pindah ke rekening bank lain. Kemudian ada yang BRIVA. Ada juga yang melalui top up pulsa senilai 40 juta. Dari jam 22.00 malam sampai jam 03.00 WIB, total ada belasan transaksi. Sudah, keesokan paginya sudah diblokir tapi sudah terkuras, tersisa cuma Rp 2 jutaan," ujar Kuasa Hukum korban, Hilmy F Ali di depan SPKT Mapolda Jatim, Rabu (5/6/2023).
Sementara itu, Kantor Cabang BRI Malang Sutoyo memberikan menanggapi adanya kasus tersebut.
Pemimpin Kantor Cabang BRI Malang Sutoyo, Akhmad Fajar mengatakan, BRI telah melakukan investigasi atas pengaduan korban dan BRI sangat menyesalkan kejadian tersebut.
Pihaknya menyebutkan, permasalahan yang dialami korban merupakan tindak kejahatan penipuan online atau social engineering.
Sehingga berakibat korban membocorkan data transaksi perbankan (Kode OTP) yang bersifat pribadi dan rahasia pada pihak yang tidak bertanggung jawab, sehingga transaksi di internet banking dapat berjalan dengan sukses.
"BRI berempati atas hal tersebut, namun demikian bank hanya akan melakukan penggantian kerugian kepada nasabah apabila kelalaian diakibatkan oleh sistem perbankan," ujar Akhmad Fajar dalam keterangan tertulisnya yang diterima SURYA.CO.ID pada Kamis (6/7/2023).
BRI senantiasa mengimbau nasabah, agar lebih berhati-hati dan tidak mengunduh, menginstal, maupun mengakses aplikasi tidak resmi.
Serta diimbau, agar nasabah tetap menjaga kerahasiaan data pribadi dan data perbankan kepada orang lain atau pihak yang mengatasnamakan BRI.
Termasuk, lanjut Akhmad Fajar, memberikan informasi data pribadi maupun data perbankan, seperti nomor rekening, nomor kartu, PIN, user, password, OTP dan sebagainya melalui saluran tautan atau website dengan sumber yang tidak dapat dipertanggungjawabkan kebenarannya.
Semakin beragamnya modus penipuan secara digital, BRI juga mengimbau agar nasabah tidak sembarang menginstall aplikasi dengan sumber yang tidak resmi dan tidak dapat dipertanggungjawabkan.
"Data atau informasi dapat dicuri oleh para fraudster, apabila masyarakat menginstall aplikasi dengan sumber tidak resmi yang dikirimkan oleh pihak-pihak yang tidak bertanggung jawab," terangnya.
Akhmad Fajar tak henti-henti mengimbau hal yang sama ke masyarakat umum, bahwa modus penipuan social engineering tersebut juga dapat terjadi di bank manapun.
BRI selalu menjaga data kerahasiaan nasabah, dan tidak pernah menghubungi nasabah untuk meminta data rahasia seperti username, password, PIN maupun kode OTP dan sebagainya.
Selain itu, BRI hanya menggunakan saluran resmi baik website maupun media sosial (verified) sebagai media komunikasi yang dapat diakses oleh masyarakat secara luas melalui laman atau akun
Diantaranya sebagai berikut, Website: www.bri.co.id, Instagram: @bankbri_id, Twitter: @bankbri_id, @kontakbri, @promo_BRI. Kemudian, Facebook: Bank BRI, Youtube: Bank BRI dan Tiktok: @bankbri_id
"Info lebih lanjut, dapat mengunjungi Kantor BRI terdekat atau menghubungi Contact BRI 14017/1500017," pungkasnya.
0 Comments