The phenomenon of social engineering was one of the highlights of the financial services sector in 2023. The OJK recorded that 72,618 out of the 1,116,175 consumer complaints it addressed in the first half of last year were to do with social engineering and other fraud.

Social engineering is a method of fraud that manipulates psychological aspects and takes advantage of human error factors to obtain access to data or information that is personal and economically valuable.

According to the OJK and British management consulting firm PricewaterhouseCoopers, social engineering works through narratives that (i) include the use of false names or identities, (ii) attract interest or curiosity, (iii) induce fear or threats and/or (iv) create a sense of urgency.

Therefore, it encourages someone to provide access, data or personal and economically valuable information, such as bank accounts, credit cards and other assets. Social engineering also encourages humans to act irrationally and impulsively and not to make enough precautionary efforts to prevent mistakes, omissions and human error.

Social engineering is a phenomenon that has been around for quite some time. One example is the text message lucky draw scam. However, social engineering still causes losses and poses a threat to society today in the digital era due to the constant evolution and innovation of the actors and methods, in parallel with the development of technology and information.

The OJK reported that the value of losses due to social engineering and other fraud from 2017 to 2022 amounted to Rp 138 trillion (US$8.8 billion). One example of the most recent development in social engineering practices is the Android package kit (APK). In January 2023, the Directorate of Cybercrime of the National Police arrested 13 perpetrators of social engineering crimes who used APKs modified to resemble wedding invitations. This method allowed them to access and loot the mobile banking and digital wallets of 483 victims, amounting to Rp 12 billion.