Scam Lessons Worth 10 Million IDR

In Editorial by Bintoro Adi Guna1 Comment

Today’s post is about scam. This will be a long article…

Anda berbicara Bahasa Indonesia? Baca artikel terjemahannya di sini!

Well, to be honest, I’m one of many people who are optimistic about 2021. With all the disasters and a global pandemic in 2020, it’s no wonder that many people are optimistic for this year. However, unfortunately, that’s not the case for me. In the beginning of 2021, I became a victim of credit card scam. The amount? Well, look at the title.

Long story short, the incident did not work out in my favor, and I was forced to pay that much. I was mad, furious, traumatic, of course… so mad that I vowed to never made any contact with that bank again. Also, I decided to share this traumatic experience so that none of you will have to suffer the same fate as I did.

I’ll tell my story in a chronological order, and please beware of the following conditions:

  • This article is long, and mostly consist of text.
  • This article is of course, biased to my side. I don’t bother asking the issuer’s opinion because they gave me the same answer… multiple times!
  • I’ll be using offensive language in some parts of the article. Be warned.

The Story – In Chronological Order

Scam Incident: The Beginning

At one night, I began receiving many OTP SMS I usually receive when using my credit card to shop online. At first, I ignored the messages, since I knew that transactions cannot get through without the appropriate OTP.

This incident began with a barrage of OTP SMS codes for authorizing credit card transactions.

The messages kept coming for a few minutes, until I received a phone call. The caller number was the very same as the issuing bank’s customer service number. I thought it was about the transactions, so I just accepted the call.

The number the scammer used to call me. This one is probably spoofed.

And yes, the caller claimed that they were indeed from the bank, especially the anti-fraud unit. They claimed that my credit card details had been breached. They offered help to cancel the transactions, but in order to do so, they needed the OTP.

At first, I was not convinced. Yes, because the message clearly said to NEVER GIVE THE OTP TO ANYONE, INCLUDING THE BANK STAFF. I got into a pretty long conversation with the scammer on the phone. He kept trying to convince me that he was legit. One thing he kept mentioning was that the number he used, was indeed the bank’s legit number, printed on the card. As the conversation went on for about 25 minutes, the messages kept coming.

After that lengthy battle of wit, I decided to give up. He made it so convincing that he needed the OTP codes to stop the transaction. Even going as far as telling me that a new message will come in, with exactly the same amount, and merchant. I still regretted the moment I decided to give up, and gave him the OTP. I was still suspicious, but he sounded very convincing, and one thing that really got me was the number he used.

I was shocked, and very, very furious when I saw a new message came in: A transaction in an eCommerce platform worth IDR 10mio was made. The culprit then told me that it was actually a cancellation message. Then I fucking had it. He then requested to have 4 more codes in order to cancel all those transactions. Obviously, it felt as if I had been struck by thunder. I didn’t buy any of that shit. I immediately hung up the fucking phone.

Of course, the scammer didn’t give up. He gave me another call, but this time, it was an Unknown caller ID. Still in shock, unsurprisingly, I immediately rejected the fucking call. Then, I knew I was scammed, probably by a spoofed number.

Still in shock, I opened the bank’s app and checked my credit card usage. I was stunned to see that there were two unknown transactions, totaling to IDR 10,978,000. A fantastic number.

Scam transactions.

Scam Incident: Seeking Resolutions

Stunned and furious, I immediately called the bank’s customer service. I told everything to the staff. He then asked me if I had given the OTP. I told the truth, especially about the fact that the scammer used the same number as the bank’s customer service number.

Then, the customer service staff told me something that made me even more furious: I should’ve never given the OTP, because like the message said, Don’t give the number to ANYONE. Secondly, he told me that the customer service number was only used for receiving incoming calls. It cannot be used for outgoing calls. I was like, “Fuck, how the actual fuck do I know that kind of shit?” To be honest, that information was new to me. I felt like I was blamed for my own stupidity, after I was just scammed IDR 10 million. “It’s your fault for not knowing more about our customer service number”.

The climax was that the staff told me that once an online transaction goes through with OTP, it is final. The bank cannot do anything about it, because that transaction is considered as valid, and made with your consent. That was it for me. I shouted furiously at the staff. Fucking jerk, if I had known about that customer service number, I wouldn’t have been in that fucking situation! Yes, sure, the bank wouldn’t do anything because it did not want to lose any money. Let the helpless customer pay their price for being fucking scammed!

Being blamed for not knowing how their customer service support number works made me furious.

Even after that, I still didn’t give up. I tried to call both eCommerce platforms to see if they could cancel my transactions. Unfortunately, at that time, it was already late, around 11 P.M. Of course I couldn’t sleep. I was about to pay that much money, how the actual Hell could I sleep?

One eCommerce couldn’t pick up the phone, saying that they were in a limited operation mode due to COVID, and said that I should reach them tomorrow morning. The second eCommerce was better. Their customer service was available, and they listened to my scam incident. Unfortunately, they couldn’t help, since they needed more proof, especially a proof that a transaction is successful, be it a SMS or an email. For the latter, of course I couldn’t get it, because that transaction was not made on my eCommerce account, and this bank never gives a successful transaction receipt via email. As for the former, I didn’t receive a SMS, either. Very strange, because I got the first transaction SMS, but not the second. It was both very regrettable and unfortunate.

The next day, I called the other eCommerce platform. I told the staff my whole scam incident and he listened. Unfortunately, he could not do anything, because the transaction the scammer had made the previous day was digital. If it had been physical, he would’ve been able to cancel the transaction immediately. He advised me to go to the police. I couldn’t blame him, of course, but still, I was shocked knowing that the bank might be my only hope.

On that day, another thought occurred to me. I have a friend who used to work at the bank. I asked her if she had any contact in the bank that could help me. While she didn’t promise anything (that’s very, very understandable), she passed my story to her friend, who said that there were similar scam cases recently. Hell, even this friend’s superior fell into the same scheme. Well, I’d certainly love to know how this superior’s case went.

Scam Incident: Aftermath

Unfortunately, after a few days, after a number of phone calls to the bank, I received no favorable resolution. They kept telling me the same thing: Transactions made with OTP is marked as final and legitimate. The bank cannot (or unwilling to) dispute it. They advised me to report the case to the police, in which they were willing to act as eyewitness. Regardless of the outcome of the case, I still had to pay.

After a few days, my credit card statement was delivered to my inbox, with those dreadful two scam transactions I did not make. Now, while I could’ve reported this case to the police, I decided not to do so. Why, because the process could be lengthy, and I wasn’t sure that I was able to follow through the whole process. I still have a job, I still have a life, I still have better things to do. Whatever the outcome, I had to pay, so there were no benefits for me to report this to the authorities. I’ll only further waste my time, energy, and even sanity.

So, what did I do? I paid the fucking bill, closed the fucking credit card, emptied my bank account, moved to another bank, and uninstalled the goddamn app. I never, ever, want to hear back from that bank, or have any more business with that bank, unless I got my money back. I was so deeply disappointed that I, as a normal customer, was scammed like this, and the only response I got from the bank was, “It’s your fault for giving the OTP”.

However, to this day, I still have a few lingering questions, like, how did they get my card number? The card has always been in my possession. For online stores, I’ve only used that card less than five times. In offline stores, I always made the payment personally, never giving the card to the cashier. I suspect there had been a data breach somewhere.

Yes, IDR 10 million is not a small sum. I was so consumed by this incident that I couldn’t sleep for a few days, and almost lost my appetite. So yes, I did not regret the choice that I made to pay it. My sanity and health are more important than IDR 10 million.

The incident bothered me so much that I couldn’t sleep for a few days.

Of course, I am grateful to everyone that supports, or even be willing to help me (my girlfriend, relatives, friends), but my decision stands. I never experienced anything like this from other banks (hopefully, never again!), and never received such an insult that it was my fault for being scammed. My trust is shattered. They are right when they say that financial business is all about trust. When you, as a customer, lost this trust, you will leave and never come back.

To be clear, this decision is of my own, my personal opinion. I don’t mean to boycott this bank, since I know that I’m nobody. I’m just sharing this so you’ll always be on your guard. It’s a wild world out there, and most of us are just small, helpless customers. Finding help in case you got into something like this, unfortunately, will not be easy.

Lessons Learned about Scam

Now, not all is lost. At least I got a few of these lessons about scam to tell you all, in no particular order:

Beware of Unknown Callers

Scams like this start from your cell phone. Whenever you receive a call from someone you don’t know, please be careful, or even ignore it completely. I know this may sound harsh, but seeing how our private data is circulated without our consent, I can’t help but being paranoid.

Phone Numbers can be Spoofed

I hate to tell you this, but most likely the number that called me was spoofed. This is actually quite a common practice in scamming, where your phone will display a different caller ID, mimicking those legit customer service numbers.

But to this day, I still wonder… Why this bank?


This was my biggest mistake. The SMS is right, OTP should never be given out to anyone. OTP CODES HAVE ONLY A SINGLE PURPOSE: TO AUTHENTICATE TRANSACTIONS, not the other way around.

The need of an OTP code to do anything but authenticate transactions are complete, utter, bullshit!

Closely Monitor your Financial Accounts

Before this scam incident, I had credit cards from four different banks. After this incident, I realized that these are not assets, but liabilities, if you cannot keep a close look at them.

So, my advice, if you have bank accounts or credit cards that you do not need, or cannot keep an eye on, please close them. You’ll never know when they are used against you like this.

Prioritize Yourself

Being a scam victim can be traumatizing. Take a few moments to calm yourself down, take a few breathing exercises, and try to make a decision with a clear head. Whatever you decide to do, please prioritize yourself.

No disrespect to the amount that you’ve lost, but no money should be able to replace your health and sanity. Losing them over a scam incident is certainly not worth it.

Be A Good Listener

While this is not strictly related to scamming, I’d like to take this moment to tell you guys if a friend came to you, telling you that they had just got hit by a scam, please listen to his / her stories first. Please don’t attempt to judge, blame, or even tell them what they should’ve done when the scam took place, unless they ask for it. I’m sure they’ll really appreciate it. I know I do, because being told that you’re wrong when you’re down is really, really both disheartening and infuriating at the same time.

No One Is Safe

This is actually the most embarrassing lesson I need to take. I’m aware that I’m knowledgeable in IT, and I currently work in a bank. I should’ve been familiar with these kinds of scam tricks. However, that scammer bested me. This forces me to admit that I’m not safe, and neither are you.

Wherever you work, whatever you do, you are vulnerable. Yes, even those who work in a bank as a security specialist. Why, because we’re humans. We’re not perfect. That’s why we must keep our guard up at all times.

Well, I’m glad that’s over. If you reach this part, I can’t thank you enough for willing to read my lengthy rant. This really took some loads off my chest. I hope you get the message, and I hope, none of you will ever experience this. As for the scammer, I hope they’ll get whatever is coming to them. Karma is real, and I hope they’ll be putting that money to good use. Now that this article is over, I’ll get back to discussing tech and reviewing stuffs. Finally, as usual, many thanks for visiting, and see you in the next article! 😀


  1. Pingback: Scam Lessons Worth 10 Million IDR | Technoverse

Leave a Comment