Police Uncover Phishing Scam, Urge Public Not to Easily Trust SMS Messages with Links

The online fraud syndicate, or phishing, used the method of SMS blasts to send fake e-citation payment messages. Police are urging the public not to easily trust SMS messages sent from unknown numbers.

“The Police urge all members of the public not to easily trust SMS messages from unknown numbers that include links, especially those claiming to be from government agencies,” said the Director of Special Cyber Crime at the National Police’s Criminal Investigation Unit, Brigadier General Himawan Bayu Aji, at a press conference on Wednesday (February 25, 2026).

Himawan asked the public to always check the authenticity of websites before entering personal data or banking details.

“If in doubt, immediately confirm with the bank’s customer service or the relevant agency,” said Himawan.

He said that the Directorate of Special Cyber Crime at the National Police’s Criminal Investigation Unit is committed to continuing to take firm law enforcement action by cutting off the infrastructure chain of international phishing syndicates in order to protect Indonesian people in cyberspace.

Previously reported, the five suspects are WTP (29), FN (41), RW (40), BAP (38), and RJ (29). The suspects in Indonesia are accomplices who receive and carry out orders from Chinese nationals using Telegram accounts.

Here are the roles of the five suspects in Indonesia:

1. WTP, who acts as the main actor operating the devices and carrying out SMS blasts since September 2025.

2. FN, who provides SMS blast services with foreign clients and manages SIM cards since July 2025.

3. RW, who helps with the operational SMS blasts together with suspect FN since July 2025.

4. BAP, who acts as the main actor in SMS blasts and the operator of the blasting device since February 2025.

5. RJ, who acts as the provider or seller of registered SIM cards to other actors.

This case began with a public complaint report number B-693/E.1/EE.3/12/2025 dated December 9, 2025. The report revealed that 11 phishing links were circulating, which resembled the official website for e-citation payments belonging to the Attorney General’s Office with the original URL https://tilang.kejaksaan.go.id.

The perpetrators spread the fake links through the SMS blast method from five mobile phone numbers to the public. From these five mobile phone numbers, it will develop into several other mobile phone numbers.

The chronology of this incident began when the victim received an SMS from an unknown number. The SMS informed of an outstanding traffic violation fine accompanied by a link. Then the link was clicked by the victim and the victim was directed to a fake e-citation site that looked very similar to the official site belonging to the Attorney General’s Office, explained Himawan.

Because they believed the website was genuine, the victims entered their personal data and credit card details. This resulted in an illegal or unauthorized debit transaction on the victim’s credit card for 2,000 Saudi Arabian riyals, equivalent to Rp 8,800,000.