TheJakartaPost

Please Update your browser

Your browser is out of date, and may not be compatible with our website. A list of the most popular web browsers can be found below.
Just click on the icons to get to the download page.

Jakarta Post

Digital platforms ramp up security to tackle ‘social engineering’, fraud

  • Made Anthony Iswara
    Made Anthony Iswara

    The Jakarta Post

Jakarta   /   Fri, October 2, 2020   /   11:38 am
Digital platforms ramp up security to tackle ‘social engineering’, fraud Indonesia has yet to join the club of nations from Brazil to China and India that have issued stringent regulations on personal data protection, modeled on the European Union General Data Protection Regulation (GDPR), which protects citizens from privacy and data breaches regardless of where the data is processed and which recognizes citizens’ “right to be forgotten”, so users can ask for data erasure and delisting from digital platforms and search engines. (Shutterstock/PopTika)

Digital platforms are fortifying security measures to prevent so-called social engineering threats and other online fraud, as more and more people go online to spend money and do business during the pandemic.

Gojek’s vice president of information security, Hana Abriyansyah, said the ride-hailing giant had launched #AmanBersamaGoJek (#SafeWithGoJek), a program that educates its users, merchants and drivers on best practices in digital security, as well as developing security technologies.

Technologies touted in the initiative include biometric authentication, face verification and number masking, among a slew of other features.

“Gojek is keen on contributing to increasing digital literacy so that people themselves can avoid being psychologically manipulated through social engineering,” Hana said in a webinar on Wednesday.

In the context of information security, social engineering is described as the act of manipulating individuals into revealing confidential, if not personal information that may be used for fraudulent purposes.

One example includes scammers asking for one-time passwords (OTP) via text message or through a feature called call forwarding, in which the victim’s phone call is diverted to another number for scammers to attain verification codes without the victim being aware of the call diversion. OTP is typically used to verify payments.

Read also: Be alert of the ‘social engineering’ threat and a new wave of online frauds

Besides Gojek, online marketplace Bukalapak is also adapting to such threats. Its senior corporate communications manager, Gicha Graciella, told The Jakarta Post that cybersecurity risks such as social engineering could happen to anyone at any time, especially when people sheltering at home from the coronavirus were spending more time online to fulfill their needs.

She said Bukalapak was using layered security when receiving, saving and processing data to prevent data misuse. The marketplace is also using cloud-based storage to fortify users’ data security.

“At Bukalapak, the safety of all users is our top priority, so we always make an effort from time to time to improve the security and convenience of our users and ensure that their data is not misused,” she said.

Gicha suggested that users change their passwords regularly, keep their personal information secret and contact customer service should they stumble on anything suspicious – steps outlined in the firm’s “4 Aman, 5 Sempurna” (4 is Protected, 5 is Fail-safe) motto.

Gojek and Bukalapak are among a slew of information technology platforms that are ramping up security to anticipate social engineering threats and a new wave of online fraud during the pandemic.

Read also: Indonesian businesses ramp up cybersecurity budget amid rampant attacks

Based on data from Statistics Indonesia (BPS) published in August, the number of online shops and products sold there fell from February to March, when the virus’ spread was starting to be reported in Indonesia, but the figures have since gradually rose in subsequent months.

Echoing BPS data, Tony Seno Hartono, adjunct researcher at Gadjah Mada University’s (UGM) Center for Digital Society, quoted various dataset in a webinar earlier this week showing that COVID-19 has caused people to spend more time on food and drink apps and led them to try new digital shopping methods, among other lifestyle changes.

As people become more dependent on digital platforms, the frequency of online fraud and social engineering is expected to increase in the next few months, he added.

Online fraud makes up the second-largest category of cases filed in police reports in Indonesia between January and September this year, and  contributes to more than a quarter of all cybercrime cases in that period, according to data from the National Police’s Criminal Investigation Department (Bareskrim).

 

As a nation, Indonesia is especially vulnerable to social engineering and fraud due to the low level of digital literacy despite high penetration rates, an UGM report published in February this year noted. The Gojek-backed study emphasized increasing digital literacy to tackle social engineering.

“Before the pandemic, security was already a key factor in creating digital platforms. Now, with everyone hopping onto digital platforms, security is becoming even more important,” Tony said.

He called on the government and lawmakers to promptly conclude the personal data protection bill, which would raise awareness on the importance of protecting personal data.

The Communications and Information Ministry was not immediately available for comment when contacted by the Post on Thursday.

However, Minister Johnny G. Plate said on Sept. 7 that the government and the House of Representatives had agreed on 66 points on the bill’s problem inventory list (DIM), while other points were set to be discussed at the working committee level beginning this week.

The ministry issued a press release confirming that both sides aimed to conclude the bill by November. “The government is ready and the public is waiting for us to create an adequate legal umbrella in the interest of protecting people's personal data," the minister said.

 

Editor’s note: This article has been updated.