Ahead of Ramadan holidays, BRI warns customers of fraud using .APK file scams

Jakarta — As the Ramadan holiday period approaches, when digital communication and transactions typically intensify, PT Bank Rakyat Indonesia (Persero) Tbk, or BRI, has urged the public to remain vigilant in protecting their account security, particularly against files from unknown sources.

This fraud scheme commonly begins with WhatsApp messages from individuals claiming to represent certain institutions, featuring convincing narratives and attachments of .APK files, digital invitations, letters bearing the names of tax services, parcel delivery receipts, and other documents packaged as important information.

When victims download and install such files, they can become a gateway for malware programmes designed to steal data, damage systems, or take over devices without the user’s knowledge. .APK applications from untrusted sources can also request specific access permissions on the device and be exploited to monitor user activity, thereby creating opportunities for misuse of financial service access stored on the device.

BRI’s Information Technology Director, Saladin Dharma Nugraha Effendi, explained that patterns of digital crime continue to evolve and demand strengthened collective vigilance.

“The company continues to enhance the security capabilities of its digital services to remain adaptive to the dynamics of threats. Security enhancements are carried out continuously to protect customer data and transaction access. Customer security and convenience remain a priority implemented consistently,” he said.

BRI urges customers not to click, download, or install applications from untrusted sources, and not to forward suspicious messages, files, or links to others. If receiving odd messages—such as those using urgent tones, offering prizes, requesting data updates or “verification,” or including file attachments from unknown numbers despite claiming to be from the bank or other important services—customers are asked to verify the sender’s authenticity and conduct verification before taking further action.

Enabling additional security features such as Two-Factor Authentication (2FA) is also recommended to add protection to digital service access.

If customers have already downloaded or installed a suspicious .APK file, the initial steps required are to disable mobile data and Wi-Fi connections, then delete the installed application. Customers can then immediately change their BRImo account username, PIN, and password, as well as associated email accounts, and perform a factory reset through device settings to ensure the device is clean from potential unauthorised control. Customers should also block the sender’s number if the message is suspected to be fraudulent, and if suspicious activity is discovered, they can immediately contact BRI Contact at 1500017.

“BRI emphasises the importance of caution in filtering information, particularly messages accompanied by files or links from unknown sources. Recognising threat indicators early becomes an important step in preventing unauthorised access to customer data. Collaboration between BRI and customers forms the foundation for building a safe and comfortable digital ecosystem,” Saladin concluded.