Beware of Scams: How to Spot and Avoid Phishing as a Bank Customer
Jakarta, CNBC Indonesia – Bank customers must remain vigilant against cybercrime tactics in today’s rapidly evolving digital landscape, with phishing scams increasingly targeting mobile banking users, social media, email, and digital wallet applications.
The Financial Services Authority (OJK) has recorded ongoing financial fraud in Indonesia, with 548,093 reports collected via the Indonesia Anti-Scam Centre (IASC).
Of these, 268,989 reports were submitted to businesses, while 279,104 were lodged directly with IASC by the public.
Dicky Kartiyono, Executive Chief of OJK’s Financial Business Conduct Supervision, Education, and Consumer Protection, stated that 932,138 accounts were verified, with 485,758 blocked, and 106,477 phone numbers suspended due to fraud.
OJK acknowledged challenges in addressing scams, including a surge in complaints to around 1,000 per day – three to four times higher than in other countries.
BRI’s IT Director, Saladin D Effendi, said scammers frequently use fake links sent via SMS, email, or messaging apps, mimicking official interfaces to steal sensitive data such as user IDs, PINs, passwords, and OTP codes through social engineering.
‘BRI urges the public not to trust suspicious links, always access services through official BRI channels, and never share personal data with anyone,’ he stated in a press release dated 29 May 2026.
Many citizens have suffered account compromises, personal data theft, and financial losses due to falling for fake links or suspicious messages, making it crucial to understand phishing and cybercrime.
What is phishing?
Phishing is a cyber scam where perpetrators impersonate trusted entities to steal victims’ sensitive information, including passwords, PINs, OTP codes, credit card details, and bank account data.
Perpetrators typically send emails, SMS, WhatsApp messages, or fake links mimicking official bank, marketplace, or company websites. When victims enter personal details, the data is immediately stolen.
Recently, scammers have grown more sophisticated, using AI-powered voice calls with fake visuals of trusted figures to convince victims to transfer money.
Phishing typically operates in three key stages:
Creating the bait: Scammers send seemingly official messages such as ‘Your account will be blocked’, ‘You’ve won a prize’, ‘Verify your account now’, or ‘Package delivery failed’.
Redirecting to fake sites: Links mimic legitimate domains, e.g., genuine ‘bri.co.id’ vs. fake ‘bank-bri.com’.
Data theft: Once victims enter usernames, passwords, PINs, or OTPs, the data is stored on the scammers’ servers.
Common phishing types include:
Email phishing: Fraudsters send fake emails posing as banks or companies, often containing links through which victims inadvertently hand over their bank account data.
SMS phishing: Scams via SMS or chat apps like WhatsApp and Telegram.
Vishing: Phone calls impersonating bank customer service or official entities, or AI-generated video calls.
Spear phishing: Targeted attacks using victims’ personal data for credibility.
How to detect phishing:
Several warning signs can help detect phishing early:
Scrutinise website addresses: Phishing sites often add extra letters, odd symbols, or similar domains, e.g., genuine ‘bri.co.id’ vs. fake ‘bank-bri.com’.
Urgent or threatening language designed to induce panic, such as ‘Click now’, ‘Account blocked in one hour’, or ‘Verify immediately’.
Requests for sensitive data: Remember, BRI never asks for passwords, PINs, OTPs, or credit card CVVs. Any such message is likely phishing.
Spelling errors, poor grammar, inconsistent design, or overly polished layouts in emails or messages.
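The address check above can be automated for links received by SMS, email, or chat. The following is an added example, not code from OJK, BRI, or the original article; it assumes ‘bri.co.id’ is the only official domain, and the function name, the brand token, and the sample links are constructed for illustration. It goes slightly beyond the article's example by also catching an official name placed before ‘@’ or used as a prefix of another domain.

```python
import re
from urllib.parse import urlsplit

# Assumptions for this example: one official domain and one brand token.
OFFICIAL_DOMAIN = "bri.co.id"
BRAND_TOKEN = "bri"


def classify_link(url):
    """Return (verdict, reasons); verdict is official, lookalike or unrelated."""
    parts = urlsplit(url if "://" in url else "https://" + url)
    # hostname is lowercased and excludes userinfo and port: it is the only
    # part of the link that decides which server the browser contacts.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "unrelated", ["no host in link"]
    if host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN):
        return "official", []

    reasons = []
    if OFFICIAL_DOMAIN in (parts.username or "").lower():
        reasons.append("official domain appears before '@', not as the host")
    if host.startswith(OFFICIAL_DOMAIN + ".") or "." + OFFICIAL_DOMAIN + "." in host:
        reasons.append("official domain used as a prefix of another domain")
    if BRAND_TOKEN in re.split(r"[^a-z0-9]+", host):
        reasons.append("brand name embedded in a different domain")
    # Odd symbols only matter here when the host also borrows the brand.
    if reasons and (not host.isascii() or "xn--" in host):
        reasons.append("host contains non-ASCII or punycode characters")
    return ("lookalike" if reasons else "unrelated"), reasons


if __name__ == "__main__":
    # Constructed sample links; only bri.co.id and bank-bri.com are from the article.
    samples = [
        "https://bri.co.id/login",
        "https://login.bri.co.id/",          # hypothetical subdomain
        "http://bank-bri.com/verify",
        "https://bri.co.id.example.net/",
        "https://bri.co.id@bank-bri.com/",
        "bank\u2013bri.com",                  # en dash instead of a hyphen
        "https://example.org/",
    ]
    for link in samples:
        verdict, why = classify_link(link)
        print(f"{verdict:9} {link}  {'; '.join(why)}")
```

A ‘lookalike’ verdict is a triage signal only; a domain that does not borrow the brand name is reported as ‘unrelated’, which does not mean it is safe.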
Tips to avoid phishing:
Never click links without verifying their source.
Check official websites.
Never share passwords, PINs, or OTPs.
Regularly update passwords and PINs.
Most importantly, educate yourself and family – many phishing victims lack digital literacy. Education is the primary defence against online fraud.