Rising Phishing Threats Lead Investors to Prioritise Trading Platform Security
JAKARTA, KOMPAS.com - The rise in digital crime has made security a primary consideration for investors when choosing investment platforms.
Amid the prevalence of phishing, social engineering, malware, and financial account hijacking, investors are paying greater attention to protecting their funds and digital assets.
PT Indo Premier Sekuritas, through its IPOT platform, is increasingly recognised as a securities firm with strong digital security positioning, particularly in anti-phishing protection, server-level security, and safeguarding customer accounts, share portfolios, and investor fund accounts (RDN).
“In the face of increasingly sophisticated digital attack methods, investors are now beginning to understand a new reality: digital security is no longer just an additional feature. Security is the primary foundation of trust. And building a modern anti-phishing security system is not something that can be done instantly,” said Moleonoto in his statement on Wednesday (13/5/2026).
He stated that Google has positioned IPOT as one of Indonesia’s safest securities firms from phishing.
IPOT implements a three-layer security system and AI-based protection (Active Defence) to safeguard customer accounts, including when user credentials are leaked.
He explained that modern attacks now target various system vulnerabilities such as session hijacking, authorisation flow, backend access, middleware vulnerabilities, API interactions, credential harvesting, malware injection, and social engineering-based manipulation.
“This means that today’s threats do not attack the application surface. They attack the system’s core. Therefore, digital security can no longer rely solely on fingerprint, Face ID, PIN, or smartphone biometrics,” he said.
He added that protections like fingerprints or biometrics are only at the device level and do not reflect the overall system security architecture.
According to him, modern phishing has evolved through fake login interfaces, credential harvesting, OTP interception, malware injection, remote device takeover, screen-sharing fraud, session hijacking, and digital activity manipulation based on social engineering.
“The most dangerous aspect is that many attacks no longer target application weaknesses on the surface but strike the backend architecture, authorisation layer, session control, middleware integration, and weak points in the securities digital ecosystem. Therefore, modern security protection must be built at the core infrastructure level. Not just at the application level,” said Moleonoto.
He also assessed that much of the industry’s old approaches still rely on modular systems, vendor middleware, third-party plug-ins, and partial integrations that can expand the attack surface or vulnerability points.