Bareskrim: Phishing Tools as Gateway to Cybercrime, Triggering Fraud to Data Theft

JAKARTA, KOMPAS.com - Bareskrim Polri has stated that the circulation of phishing tools poses a serious threat as it serves as a gateway to various broader cybercrimes, ranging from data theft to large-scale online fraud.

Direktur Tindak Pidana Siber Bareskrim Polri Brigjen Pol Himawan Bayu Aji said that the software is specifically designed to facilitate illegal access to electronic systems, which is then exploited by perpetrators for various criminal acts.

“We consider this dangerous because this instrument is a gateway to more massive cybercrimes. With this tool, irresponsible parties can carry out exploitation of personal data, online fraud, and business email compromise,” Himawan said at the Bareskrim Polri Building in Jakarta on Wednesday (22/4/2026).

Himawan emphasised that the revelation of this case is not merely law enforcement but also Polri’s contribution to narrowing the operational space of the global cybercrime ecosystem.

He also appreciated the cooperation between Polri and the FBI in exchanging data and information, as well as support from the NTT Provincial Police in uncovering the case.

“Which has Polri investigators acting as the spearhead executing the entire law enforcement process in Indonesia’s jurisdiction,” Himawan explained.

This includes multi-layered mechanisms such as multi-factor authentication, making the resulting risks and losses even greater, both materially and immaterially.

Himawan explained that the uncovering of this case began with a cyber patrol that found a site selling phishing scripts.

The site was connected to a Telegram account used as a medium for transactions and distribution of the software.

Joint testing with IT experts confirmed that the scripts being sold were indeed designed for phishing and illegal access.

From the investigation results, police found 22 types of phishing tools sold to various parties, with a payment system using cryptocurrency and foreign server infrastructure.

“This is not an ordinary digital crime, but a real threat to national and even global security, as well as a violation of every individual’s privacy rights,” he stated.

The two individuals acted as producers as well as financial managers from the sales of phishing tools.

Estimated global losses due to the use of these phishing tools reach $20 million or approximately Rp 350 billion.

Meanwhile, the perpetrators are estimated to have reaped profits of up to Rp 25 billion during their operations from 2019 to 2024.