Chinese National Spreads Fake eToll SMS, Drains Indonesian Citizens' Bank Accounts

Jakarta — Police have uncovered a case involving fraudulent eTilang (electronic traffic citation) messages. The perpetrators reportedly used the name of the Attorney General’s Office to deceive their victims.

The case originated from a report through the Attorney General’s Office, which revealed 11 phishing links. All these links closely resembled the official eTilang payment website belonging to the Indonesian Attorney General’s Office.

“The perpetrators spread fake links through SMS blast methods from five mobile phone numbers, which will subsequently expand to several mobile phone numbers,” said Himawan Bayu Aji, Head of the Cybercrime Directorate of the Bareskrim Police, on Wednesday (25 February 2026).

A similar case was also discovered in the Central Sulawesi Police region. The sequence of events was nearly identical: victims would receive an SMS from an unknown number containing a fine notification for traffic violations and a link. However, upon clicking, the link would direct victims to a fake eTilang site that appeared virtually identical to the genuine one. Convinced of its authenticity, victims would enter their personal and credit card data, resulting in illegal debit transactions worth 2,200 riyals or 8.8 million rupiah.

From there, police patrols identified 124 additional phishing website links. There were also six additional mobile phone numbers used for SMS blasting.

Aji explained that police had secured five suspects at two different locations in Central Java and Banten. The five suspects had different roles as follows:

— Suspect WTP (29 years old): primary perpetrator who operated the device and conducted SMS blasting.

— Suspect FN (41 years old): provided SMS blast services and managed SIM cards.

— Suspect RW (40 years old): assisted with SMS blasting operations alongside suspect FN.

— Suspect BAP (38 years old): primary perpetrator who operated the device and conducted SMS blasting.

— Suspect RJ (29 years old): provided or sold registered SIM cards to other perpetrators.

Police also discovered that this criminal operation was directly controlled by a Chinese foreign national. Aji explained that suspects WTP, FN and RW operated under the control of a foreign national using Telegram accounts named Lee SK and Daisy Qiu.

The perpetrators were also found to have sent SMS blasting equipment, known as sim boxes, twice in September and December 2025. The foreign national would also control the system remotely from China.

Meanwhile, suspects in Indonesia used a TVs application to monitor the number of SMS blasts sent and failed. In a single day, the device could send up to 3,000 mobile phone numbers simultaneously.

It was also revealed that BAP worked for an activation service provider and created Telegram accounts and WhatsApp numbers that were already active and registered. The suspect reportedly knew a Chinese national named Chen Jiejie since 2023 and has worked since February 2025.

All suspects face a maximum prison sentence of 15 years and a maximum fine of 12 billion rupiah.

Aji reminded the public not to easily trust SMS messages from unknown numbers, especially those containing links and claiming to represent government institutions.

“Always verify and double-check the authenticity of websites before entering personal or banking data. If in doubt, immediately confirm with your bank’s customer service or the relevant institution,” he explained.