Ahead of Idul Fitri, IT expert from Untag Surabaya, Supangat, urges the public to heighten vigilance against scams via WhatsApp and SMS. Rising digital transactions are exploited by cybercriminals. Vida founder Niki Santo Luhur identifies two main methods: phishing and malware prevalent in Indonesia.
REPUBLIKA.CO.ID, SURABAYA -- IT expert from Universitas 17 Agustus 1945 (Untag) Surabaya, Supangat, states that scams via mobile numbers are increasingly creative and psychologically manipulative. "Modus penipuan lewat nomor telepon seluler sekarang semakin kreatif dan sering kali menekan psikologis korban. Karena itu masyarakat harus lebih berhati-hati, terutama saat menerima pesan dari nomor yang tidak dikenal," Supangat said in Surabaya on Sunday (8/3/2026).
Ahead of Lebaran, digital transactions and communications rise, exploited by cybercriminals. Supangat advises against clicking links or downloading APK files from unknown numbers, and using apps like GetContact or Truecaller to check number reputation. "Jika nomor tersebut banyak ditandai sebagai penipu oleh pengguna lain, maka sebaiknya segera diblokir," he said.
He emphasizes verifying emergency claims from friends or family by calling known numbers. Also, protect OTP, PIN, and passwords, as official institutions do not request them via messages. "Jika ada pihak yang meminta OTP, PIN, atau kata sandi melalui pesan atau telepon, hampir dapat dipastikan itu adalah upaya penipuan," he added.
Meanwhile, Vida Founder and Group CEO Niki Santo Luhur identifies two prevalent digital scam methods in Indonesia: phishing or smishing, luring victims to enter data like username, password, and OTP via SMS, including fake Ramadan promos or fake BTS for mass messages. The second is malware via APK files disguised as documents, enabling remote device access.
Both target user credentials. "Password dan OTP tidak lagi dapat menjadi satu-satunya cara verifikasi yang aman, mengingat maraknya kebocoran data serta berbagai teknik penipuan yang terus berkembang. Karena itu, perangkat yang kita miliki (what you have) serta identitas biometrik (who you are) perlu dilindungi dan dimanfaatkan sebagai lapisan keamanan tambahan," Niki explained.
Kaspersky's report notes banking trojan attacks on Android phones rose 56 percent in 2025, with 255,090 new APK packages, up 271 percent from 2024. These trojans steal online banking credentials via messaging apps and malicious sites. Scam spikes also occurred during 2025 THR payouts, when transaction activity increased.
