Victims of online retail fraud in Indonesia tend to cut their losses, chalking down their experience as a lesson to be more careful before buying goods over the Internet. But there are measures that can be taken if you become the victim of such fraud – though you may never get your money back.
Prevention is the best solution. So if you’re looking to buy an Apple MacBook Pro with Retina display and a powerful Haswell processor, don’t be lured by cheap prices on public marketplace sites such as kaskus.co.id and olx.co.id (formerly tokobagus.com). It makes little sense for a $1,500 laptop from 2014 to be offered for Rp.5.55 million ($427), even when it is listed as second-hand.
You should buy only from online vendors with positive, established feedback, although beware of overly positive testimonials. Be on the lookout for erroneous product descriptions. Avoid vendors who ignore requests for new photos of the product.
If a vendor refuses to meet in a safe public location to show you the advertised product—and instead insists on a bank transfer rather than a direct cash payment—it’s probably not worth pursuing the purchase.
Yet online forums are full of tales of woe from people who transferred money for ‘bargain’ products, only for them to never arrive. Some victims say it is not worth reporting their loss because they would have to pay police for any investigation leading to a refund.
If you are the victim of such fraud, the first thing to do is phone the vendor. If they refuse to take your calls, then send formal text messages, explaining you will report them to the police and to their bank if they fail to refund your money within 24 hours. You can also report them to the site on which they advertised, which will likely result only in their account being deactivated.
Several anti-scam websites and blogs insist that reporting online fraud to the police doesn’t have to cost money. They claim you can simply send an email to firstname.lastname@example.org—including the fraudster’s mobile phone number and bank account details—and police will then simply block the scammer’s bank account. Unfortunately, this is nonsense. Police do not even use the email address email@example.com.
Members of the public wishing to report a cyber crime are advised to do it in person, and to bring evidence, such as print-outs of ads and transfer receipts. The official email address to report crimes is firstname.lastname@example.org, though it is not dedicated to online fraud. Bank Indonesia, the central bank, also accepts complaints of online fraud at email@example.com.
If you do visit a police office to report a crime, you should request a brief document called STPL (Surat Tanda Penerimaan Laporan – Letter of Proof of Receipt of Report), which outlines the alleged crime. You can ask the officer typing up the letter to include the relevant section of the Criminal Code (Article 378 on fraud) and Article 28 of Law No. 11/2008 on Electronic Information and Transactions.
Once you have an SLTP, you can make a formal report to the bank used by the scammer. Again, you’ll need all supporting transfer slips or screenshots or print-outs, as well as a written chronology of the fraud. The bank may then take action – or it may do nothing. Threaten to report the bank to Bank Indonesia if it doesn’t take any action.
Police do sometimes track down and arrest online scammers, although some perpetrators cover their tracks by using bank accounts in other people’s names.
Reza (27), a resident of Pekalongan, West Java, in March 2013 was in an internet cafe with some friends when they were approached by a man who offered them money to open some bank accounts.
The next day, Reza and one of his friends went to a state-owned bank and each opened an account, one with an opening balance of Rp.250,000 and the other with Rp.150,000. They then withdrew Rp.200,000 and Rp.100,000 respectively. Next they gave the passbooks and ATM cards to the stranger, who paid each of them Rp.200,000.
Over the following months, Reza and his friend were visited by people who claimed to have transferred millions of rupiah to their accounts for online purchases of goods that never arrived. Reza eventually reported the matter to police last month, claiming he was also a victim of the scammer.
The Electronic Information and Transactions Law, which is supposed to protect people from online fraud, is being grossly misused to crack down on freedom of speech, evidenced by the recent jailing of a woman for writing private messages on Facebook to complain that her husband was abusing her.
The husband hacked her Facebook account, found the messages and then had her prosecuted.
Meanwhile, online and banking scams continue to flourish. One of the more recent ones involves an SMS declaring your bank account has won a cash reward from state-owned banks such as Bank Negara Indonesia (BNI) and Bank Rakyat Indonesia (BRI). Recipients are advised to process their “winnings” online at absurdly named websites such as www.bnipestarezei.blogspot.com (now shut down). As if a major state-owned bank would use a free blogging service. People who visit such sites are asked to transfer funds for the payment of fees to collect for their “huge prizes”.
Local media reports recently claimed that Bank Central Asia (BCA) customers are being targeted by scammers trying to obtain passwords for “synchronization tokens” – small blue electronic devices used to authenticate identity when conducting online transfers.
Kompas.com quoted BCA President Director Jahja Setiaatmadja as saying that a virus in a computer had caused a malicious token confirmation request to appear on BCA’s internet banking page.
BCA official Wani Sabu later said there had not been many cases of token password phishing, though he urged anyone suspecting such fraud to immediately contact the bank. Social media reports claim a BCA customer lost Rp.13 million after responding to a pop-up request on BCA’s website for his token’s details.
There’s usually little risk in online shopping and banking, provided you exercise common sense and caution, though the lure of bargains and prizes can be blinding.