New Scam Tactic Hacks Your Mobile Banking App Through Online Wedding Invitations

- 30 January 2023 17:51 WIB
Illustration. A hand coming out of a computer taking a person's money. (Pixabay)

JAKARTADAILY.ID - Alfons Tanujaya, a cyber security and digital forensics expert from Vaksincom, revealed that they have discovered new scams that target people's mobile banking apps via fake wedding invitations.

"The wedding invitation actually contains APKs (Android application package files used to distribute and install software and middleware to cellphones) from outside the Play Store which, if installed, will steal the One Time Password or OTP credentials from the victim's device," Alfons said in a written statement to Saturday, January 28, 2023, according to a report from

According to Alfons, the Tempo report continues, several warnings actually appear when this dangerous Android APK is executed. As an example, he cited the warning that installing applications from outside the Play Store is very dangerous and not recommended.

If the warning is ignored, another notification appears requesting SMS access for the app or APK being installed. "Including document data and device photos for the installed malicious application," he said.

Alfons said installing the malicious application was not enough to access the victim's mobile banking account, because accessing a mobile banking account requires a user ID, an m-banking password, a transaction approval PIN, and an OTP, the last of which is obtained through this malicious APK.

"So the big question is where did this criminal get the mobile banking credentials of the victim? Because this malicious APK can only steal OTP SMS," Alfons said as quoted by Tempo. He added that criminal organizations may be sharing databases, or that a bank's database of m-banking users may have leaked.

How to Prevent Mobile Banking from Being Hacked

Alfons explained that there are three things we can do to avoid this scam.

The first is to never install an application that is not listed on the Google Play Store or Apple App Store. Even then, applications from the Play Store are sometimes still risky because they can be infiltrated by malware, which can be installed on our smartphones during updates. The risk is even higher if you install applications from outside the official stores, explained Alfons.

Second, Alfons continued, if you often use mobile banking and the balance at the bank is significant, it's a good idea to consider using a different cell phone for it. On that phone, the telephone number used for mobile banking is not given to the public, and applications are not installed arbitrarily; only a very limited set of applications is installed.

"Third, make sure the mobile banking provider you use has reliable transaction security," said Alfons.

In fact, if banks implement systems and procedures properly and cleverly, criminals will have difficulty taking over m-banking accounts.

Alfons went on to explain that a good security system and procedure for mobile banking should be in place so that, even if the username, transaction PIN, and OTP are successfully obtained by scammers, the mobile banking account remains secure, because moving a mobile banking account to another device must pass a very strict verification.


Editor: Suksmajati Kumara

