Cross-Border Phishing Tools Victims Reach 34,000, Including from the US

The Cyber Crime Directorate of the National Police Criminal Investigation Agency has uncovered a syndicate providing hacking devices or phishing tools based in Kupang, NTT. The cross-border phishing syndicate has 34,000 victims.

Dirtipidsiber Bareskrim Polri Brigadier General Himawan Bayu Aji stated that his team has arrested two suspects in connection with the case. They are GWL (24) and his girlfriend FYT (25).

“GWL is the main perpetrator who produced, sold, and developed phishing tools independently since 2018. The suspect’s background is a graduate of SMK Multimedia and acquired skills in creating scripts autodidactically,” Himawan said during a press conference at Bareskrim Polri, South Jakarta, on Wednesday (22/4/2026).

“FYT played a role in providing storage and managing funds from the criminal sale of phishing tools through cryptocurrency wallets,” he continued.

In running this illegal business, the two suspects used virtual private server (VPS) services located abroad.

“The suspects also conducted automatic monitoring of sales and provided technical support services to buyers of scripts who encountered issues,” Himawan explained.

Although based in Kupang, the reach of this couple’s crime spans a global scale. Based on data gathered with the Federal Bureau of Investigation (FBI), there are 2,440 buyers of scripts made by GWL scattered across various countries.

“There are 2,440 buyers who transacted during the period from 2019 to 2024 through VPS infrastructure located in Dubai and Moldova. All transactions have been confirmed using cryptocurrency assets recorded in purchase histories,” Himawan stated.

Data was also obtained on around 34,000 identified victims during the period from January 2023 to April 2024. Of that number, 17,000 victims, or approximately 50 percent, were confirmed to have experienced hacking.

“From the analysis of 157 victims, it shows that 53 percent are from the United States, while the remaining 47 percent are from various countries around the world,” Himawan explained.

“Within that group, nine Indonesian corporate entities have been identified as victims,” he detailed.

The two suspects have reaped profits of up to Rp 25 billion since carrying out their illegal actions. Meanwhile, the losses to victims caused by the use of scripts sold by the suspects are estimated to reach USD 20 million or approximately Rp 350 billion.

Due to their actions, suspect GWL is charged under Article 51 paragraph (1) in conjunction with Article 35 and/or Article 50 in conjunction with Article 34 paragraph (1) of Law Number 1 of 2024 on the Second Amendment to Law Number 11 of 2008 on Electronic Information and Transactions (UU ITE), with a maximum penalty of 15 years imprisonment and a fine of Rp 10 billion.

Meanwhile, FYT is charged under Article 607 paragraph (1) Letter a or Letter c of Law Number 1 of 2023 on the Criminal Code (TPPU), with a penalty of 15 years imprisonment and a fine of Rp 5 billion.