BRI Warns Customers of APK File Fraud Scams Ahead of Eid Holiday Period

Jakarta – As the Eid holiday period approaches, when digital communications and transaction volumes typically increase, PT Bank Rakyat Indonesia (Persero) Tbk (BRI) has urged the public to remain cautious in protecting their accounts, particularly against files from unknown sources.

In practice, this fraud method typically begins with WhatsApp messages from individuals claiming to represent certain institutions, featuring convincing narratives and attachments such as APK files, digital invitations, letters bearing tax service letterheads, package delivery receipts, and other documents packaged to appear as important information.

When victims download and install these files, they can serve as entry points for malicious software (malware) designed to steal data, damage systems, or take control of devices without the user’s knowledge. APK applications from unreliable sources can also request specific access permissions on devices and be exploited to monitor user activity, creating opportunities for misuse of financial services access stored on the device.

Saladin Dharma Nugraha Effendi, BRI’s Director of Information Technology, explained that digital crime patterns continue to evolve and necessitate strengthened collective vigilance.

“The company continuously enhances the security capabilities of its digital services to remain adaptive to the evolving threat landscape. Security enhancements are implemented continuously to protect customer data and transaction access. Customer security and convenience remain our consistent priority,” he said.

BRI urges customers not to click, download, or install applications from untrusted sources and not to forward suspicious messages, files, or links to others. If customers receive unusual messages—such as those using urgent language, offering rewards, requesting data updates or “verification,” or including file attachments from unknown numbers even if they claim to be from the bank or other important services—they are advised to verify the sender’s authenticity and conduct verification before taking further action. Activation of additional security features such as Two-Factor Authentication (2FA) is also recommended to strengthen protection of digital service access.

Should customers have already downloaded or installed a suspicious APK file, the initial step is to disable mobile data and Wi-Fi connections, then uninstall the installed application. Subsequently, customers should immediately change their BRImo account username, PIN, and password as well as the email account linked to it, and perform a factory reset through device settings to ensure the device is free from potential control by unauthorised parties. Customers should also block the sender’s number if the message is identified as fraudulent, and if suspicious activity is detected, they can immediately contact BRI Customer Service at 1500017.