Online Security

[Ruserious]

I just heard about a guy in Indonesia whose computer and then phone number was hacked and he lost a bunch of money. They managed to access his banks, trading accounts etc. Other than obviously not downloading unknown software and being wary of clicking any links are there any other tips to keep protected?

Also (most importantly) does anyone know of any extra steps to protect telkomsel and/or indosat from issuing replacement sim cards? That was the biggest issue with him and then all the two factor authentification went out the window.

 

[Dave70]

That guy was a victim of 'SIM Swapping', see below video on how to avoid the scam.


I still think hardware token is safer than the two factor authentication using SMS or OTP Generator using app.

 

[Hawk256]

That guy was a victim of 'SIM Swapping', see below video on how to avoid the scam.


I still think hardware token is safer than the two factor authentication using SMS or OTP Generator using app.

I agree it is much safer but SMS and OTP work like expected 99.9% of the time and there is a very small window for fraud. Any two factor system is miles better than password alone. I used to administer a system with hardware tokens and you would be suprised how often they are misplaced and the following headaches are always long and drawn out. And that it with me adminstering the system. Get two or three other people involved and it gets even worse.

 

[Ruserious]

I only skimmed through the video but it seems to skip over the most important part - how to stop the phone companies from issuing a new sim. From what i saw the "advice" they gave in the video was pretty basic only. Seemed to focus more on dramatising the threat than how to avoid it.

I will check with telkomsel / indosat for what security they have in place and can an extra layer be added to stop a new sim being issued. I also wonder if its worth getting a second number only for banking etc since phones can usually take 2 sims now. Just keep that number well hidden.

 

[Hawk256]

I only skimmed through the video but it seems to skip over the most important part - how to stop the phone companies from issuing a new sim. From what i saw the "advice" they gave in the video was pretty basic only. Seemed to focus more on dramatising the threat than how to avoid it.

I will check with telkomsel / indosat for what security they have in place and can an extra layer be added to stop a new sim being issued. I also wonder if its worth getting a second number only for banking etc since phones can usually take 2 sims now. Just keep that number well hidden.

The carrier will be the weakest point in the equation. If they are lax and will give out new SIM cards easily, there really isn't much you can do. With that being said, I have no idea how secure their practices are in Indonesia compared to other countries.

 

[Samoerai]

The carrier will be the weakest point in the equation. If they are lax and will give out new SIM cards easily, there really isn't much you can do. With that being said, I have no idea how secure their practices are in Indonesia compared to other countries.

One month ago I had to replace my sim card here, because the sim didn't work anymore. Hmm, sounds like that footage in the video. Anyway I went to Telkomsel and got a new one. However not until my wife showed her KTP, because the sim was registered on her KK info two years ago. So, not easy to replace a sim card just like that. Telkomsel will ask for a KTP and will check their system for the info matching one's ktp.

 

[Mohammad Yusuf]

A temporary number service like AnonymSMS would be ideal for additional protection. They provide real numbers and can help maintain account security, including in 2FA cases.

 

[Shadrach]

I recently went online to my bank and might have put in the wrong password too many times. They said I needed a new password. I tried to do this several times, and the OTP was never sent, when they said they sent it. I went to the bank, and the bank staff told me, My phone account was shut off, so that was why I never received the OTP. They said go buy a new Sim card and new number, and have pulsa in my account. I did this, and went back to the bank, still no OTP sent to my phone with new number. After 3 trips to the bank, they wanted 2 forms filled, then said they have to go to the head office to settle this problem.
I asked why not just cancel the old number and use the new number? This was too practical, so now I wait in limbo, and have no online banking, and wait?
The posts above said the scammers were calling the phone company and getting a new sim with the old number. I asked for this also, but Telkomsel said No! So they gave me a new number, and now My access to my online banking is on hold, until the bank can do something as simple as cancel my old number, and put the new number on my account,
This seems like a simple request to me, but they are making it complicated! I don't get it! Aren't there hundreds of people losing their old phone numbers and buying a new Sim card, with a new Phone number? Dealing with a large bank like Mandiri?
The interesting thing was I had not used Pulsa for 15 months. I was always using WhatsApp via Internet! Why all of a sudden, did I need regular phone service?

 

[marcus]

... I still think hardware token is safer than the two factor authentication using SMS or OTP Generator using app.

Regarding this , it seems that banks are pushing people to use their apps which use a security system a lot worse than hardware token or SMS with the OTP (one-time password) . My wife has account in 2 banks in Indonesia that their apps just ask for a fixed password of 6 numbers to get full access to the account (if I am not mistaken , the selfie for face recognition is necessary only once when you install the app and register the account) .

 

[Dave70]

Regarding this , it seems that banks are pushing people to use their apps which use a security system a lot worse than hardware token or SMS with the OTP (one-time password) . My wife has account in 2 banks in Indonesia that their apps just ask for a fixed password of 6 numbers to get full access to the account (if I am not mistaken , the selfie for face recognition is necessary only once when you install the app and register the account) .

Banks are pushing apps to cut costs. I will not bank with banks that don't have hardware token or at least SMS OTP. BCA and Panin are banks that have hardware tokens in Indonesia, they also have apps for mobile banking, but I don't like using the phone for banking so I didn't install their apps. I prefer to do online banking using my computer. Mandiri is one bank in Indonesia that doesn't have website for online banking, they want to force customers to use their Livi'n app, so I almost don't use the account as I can't do any online banking without the app.

 

[harryopal1]

Hackers and scammers are like viruses; they keep mutating and coming up with new means of attack. I am always bemused when websites needing your personal information claim your details will be secure. If you went to a doctor who patted you on the head and said, "You will never get sick again", would you believe him.

 

[Shadrach]

Well then, how do you guys pay for things? Do you have to go directly to each office every month? I finally got back on with Mandiri, by going online to mandiricare.blah, blah ,blah. I didn't want to wait for the Ubud branch to contact the main office then contact me to go online to put in a new password. They contacted me that afternoon, and told to go to an ATM with a code, and put in my card, the code and say Ok on my phone. It finally worked. So now I have Livin' with Mandiri again. I can't go to the BPJS, and Telkomsel office every month, to pay the monthly bill. I guess I'll just take my chances with Hackers, and Scammers, and risk losing a few hundred bucks. I don't put much in the account, because I don't have much! What are we doing? Living in so much Fear Now? Life is not supposed to be this way!