2024-10-23 | Awas Modus

Beware of Scams Posing as Agencies: Exercise Discretion When Installing APKs!

Attention BCA customers, especially myBCA and BCA mobile users: be vigilant, as a new mode of fraud has emerged.

Scammers are looking for victims through WhatsApp and may extend their tactics to other platforms.

These scammers often impersonate representatives from various agencies, typically government agencies.

They engage in social engineering by claiming to provide information about tax data revisions, social security arrears, digital ID card replacements, and more.

The scam begins when the scammer sends a link, directing the victim to open it. Unwittingly, the victim opens the link, which leads to a page that resembles the Play Store.

From there, the victim is prompted to install an APK that appears to be an official application from a government agency, such as those related to tax payments, population data, or social security.

Below are some examples of fake agency applications that can be found on pages designed to look like the Play Store:

After installing the APK, victims may be asked to transfer a “stamp fee” of Rp10.000 to a specified bank account.

In some cases, they might request screen sharing, claiming it is necessary to assist with filling out required data.

The motivation behind these scams is to gain remote access and personal information from unsuspecting victims.

Once they have this access, the scammer can see, record, and control the user’s cellphone remotely.

Shortly after, the victim may notice several transactions occurring, resulting in a decrease in their account balance!

Security Tips

To protect your banking app, consider the following security tips:

  1. Always be cautious of chats, phone calls, or communications from individuals claiming to represent certain agencies. Verify their legitimacy by contacting the agency through the official number found on their official website.
  2. Avoid installing applications from unverified sources, even if they appear to be from the Google Play Store. Ensure that official Google Play links start with https://play.google.com, otherwise, they are not legitimate.
  3. Android users should disable the accessibility and assistance features and install reputable antivirus software to protect their devices.
  4. Keep your personal banking information confidential for any reason.
  5. If you receive suspicious information related to BCA, immediately contact Halo BCA at 1500888 or through the haloBCA application. 

Let’s remain vigilant against scams from now on. Stay informed about ongoing banking scams by regularly checking bca.id/awasmodus!