New M-Banking Fraud Scheme Threatens Bank Accounts Ahead of Eid Holiday in Indonesia

Jakarta — Indonesians are being urged to remain vigilant during the upcoming Eid holiday, as cybercriminals typically exploit festive periods to launch fraud attacks.

“During holiday periods when digital transactions increase and digital caution tends to decrease, cyber criminals often exploit the trust individuals and organisations place in popular travel agencies to steal data,” said Panji Wasmana, National Technology Officer at Microsoft Indonesia.

One fraud scheme warranting particular attention is phishing attacks utilising the Clickfix technique. Microsoft Threat Intelligence has identified that these attacks employ fake login pages and CAPTCHA screens to harvest victims’ credentials. The Clickfix method deceives users into unknowingly downloading data-stealing malware and granting attackers access to their mobile devices.

The Clickfix technique was first identified around February 2025 and has targeted multiple regions, including Southeast Asia. According to Panji, the key defence lies in recognising attack patterns and implementing protective measures to safeguard data against criminal actors.

The following security measures are recommended to avoid becoming a phishing victim during the Eid holiday:

• Ensure communication with official hotels or travel agencies only. Always verify contact details match those of the legitimate service provider.

• Use only secure networks and avoid public Wi-Fi when logging into accounts.

• Always examine email addresses carefully. Be alert to phishing emails that demand urgent action.

• If receiving suspicious emails, avoid clicking embedded links. Instead, verify information through official websites.