Digital scam methods are becoming increasingly sophisticated. Previously, many scams relied on psychological manipulation through phone calls. However, as communication has increasingly shifted to chat-based platforms, scammers now deceive their victims via WhatsApp (WA). According to data from the Indonesia Anti-Scam Center (IASC), which received 432,637 reports with total losses of Rp 9.1 trillion, the reports were collected between November 22, 2024, and January 11, 2026.
This widely used messaging application has become the channel most frequently misused for digital fraud. Field realities indicate that these cybercriminals no longer operate in an amateurish manner but rather within structured, systematic networks. Scam activities via WA often involve sending APK files disguised as invitations, delivery notifications, or traffic violation notices. They also include phishing links offering prizes, bank-related information, or video calls used for extortion.
These criminals generally attempt to steal personal data, access bank accounts, or take over victims’ WhatsApp accounts. Therefore, people are strongly advised never to click on suspicious links or files, or to share OTP codes or PIN numbers.
Responding to these findings, Iradat Wirid, Deputy Executive Secretary of the Center for Digital Society at Universitas Gadjah Mada (CfDS UGM), emphasized that this phenomenon is no longer merely an individual prank but the work of organized syndicates that require serious state intervention.
According to him, a silo mentality or sectoral ego, particularly in data exchange between the police and banking institutions, remains one of the main obstacles in addressing these scam methods. Both institutions face legal constraints due to overlapping regulations.
“Under the Banking Law, it is clearly stated what must be protected, such as customer confidentiality, personal names, and mothers’ names. From a professional and customer perspective, these must be safeguarded. However, when we look at the Electronic Information and Transactions Law (ITE) and the Criminal Procedure Code (KUHAP), the handling process needs to be much faster,” he explained on Thursday (Mar. 12).
Iradat stressed that addressing these digital syndicates requires collaborative and forward-looking legal breakthroughs. He proposed involving other institutions and establishing a data-sharing agreement.
“This issue can be bridged through other approaches, for example, by involving the Financial Transaction Reports and Analysis Center (PPATK) if suspicious transactions are detected,” he said.
In certain cases, such as online gambling and digital fraud, a data-sharing agreement becomes crucial because these crimes are carried out by syndicates. To dismantle them, authorities must be able to trace the masterminds behind the operations.
In addition, Iradat suggested that direct instructions from the President may be needed to cut through rigid bureaucratic chains, for example, by forming a special task force on digital fraud that reports directly to the President. Such a task force could be granted limited access to conduct profiling without waiting for a full legal determination.
“This may be controversial due to surveillance concerns, but other countries such as Singapore have demonstrated that strict regulations can operate effectively with clear criteria,” he explained.
Technological protection measures, such as biometric verification and number tracking, must also be supported by clear derivative regulations under the Personal Data Protection Law (PDP Law). Without such regulations, data breaches could instead harm the public. These efforts must therefore be accompanied by improvements in implementing the PDP Law’s derivative regulations. To date, regulations governing the law’s implementation within the public or government sector have not yet been established.
“If it is not protected by clear derivative regulations under the PDP Law, then when data leaks occur, the public will again bear the consequences,” he stressed.
As a final point, Iradat emphasized that efforts to eradicate digital fraud will never be fully effective if responsibility is placed on only one party. In his view, the strongest line of defense lies within the public through strong digital literacy.
“Scams are becoming increasingly sophisticated. Simply arresting perpetrators will not solve the problem. We need proactive regulations from the government, and the public must also remain defensive and receive extensive training in digital literacy,” he concluded.
Author: Aldi Firmansyah
Editor: Gusti Grehenson
Post-editor: Jasmine Ferdian