Ahead of Ramadan, BRI Warns Customers of .APK File Fraud Scheme

Jakarta — PT Bank Rakyat Indonesia (Persero) Tbk (BRI) has urged the public to exercise heightened vigilance in protecting their account security, particularly against files originating from unknown sources. In practice, this fraud scheme typically begins with a WhatsApp message from individuals claiming to represent a particular institution, with persuasive narratives and attachments including .APK files, digital invitations, letters purporting to be from tax services, delivery receipts, and other documents presented as important information.

When victims download and install these files, they can serve as entry points for malware programmes designed to steal data, damage systems, and seize control of devices without user knowledge. Untrustworthy .APK applications can also request specific access permissions on devices and be exploited to monitor user activity, thereby creating opportunities for misuse of access to financial services stored on the device.

Saladin Dharma Nugraha Effendi, BRI’s Director of Information Technology, explained that digital crime patterns continue to evolve and demand strengthened collective vigilance. “The company continuously enhances the security capabilities of digital services to remain adaptive to the dynamics of threats. Security strengthening is conducted continuously to protect customer data and transaction access. Customer security and convenience remain a consistent priority,” he stated.

BRI urges customers not to click on, download, or install applications from untrusted sources, and not to forward suspicious messages, files, or links to others. If receiving messages that seem unusual — for example, using urgent language, offering rewards, requesting data updates or “verification,” or including file attachments from unknown numbers despite claiming to represent a bank or other important service — customers are advised to verify the sender’s authenticity and conduct verification before taking further action.

Activating additional security features such as Two-Factor Authentication (2FA) is also recommended to strengthen protection of digital service access. Should customers inadvertently download or install a suspicious .APK file, the initial steps required include disabling mobile data and Wi-Fi connections, then deleting the installed application. Subsequently, customers should immediately change their BRImo account username, PIN, and password, as well as the email account linked to it, and perform a factory reset through device settings to ensure the device is free from potential unauthorised control.

Customers should also block the sender’s number if the message is suspected fraud, and if suspicious activity is detected, they can immediately contact BRI Customer Service at 1500017. BRI emphasises the importance of exercising caution in filtering information, particularly messages with files or links from unknown sources. Early recognition of threat indicators is a critical step in preventing unauthorised access to customer data. Collaboration between BRI and its customers forms the foundation for building a secure and comfortable digital ecosystem.