Bank Rakyat Indonesia (BRI) phishing page detected

Posted byAnti-phishing Leave a comment on Bank Rakyat Indonesia (BRI) phishing page detected

A phishing campaign targeting Bank Rakyat Indonesia (BRI) customers utilizes WhatsApp and SMS to trick users with a fake 150,000 IDR service fee increase. The attack uses a fraudulent “BRImo” portal to harvest credentials and real-time OTPs to seize control of mobile banking accounts.

Security Notice: This spoofed page was intercepted, verified, and locked down firsthand by the Antiphishing.biz security team during our daily link moderation procedures. To protect the public, the phishing source domain has been fully defanged within our infrastructure. We document and analyze these live visual patterns to help security researchers and users spot lookalike phishing methods before financial damage occurs.

Actual screenshot of "Bank Rakyat Indonesia (BRI) phishing page detected" phishing interface captured during link moderation on our platform.
Figure 1: Live screenshot of the live scam infrastructure isolated on our infrastructure.
Actual screenshot 2 of "Bank Rakyat Indonesia (BRI) phishing page detected" phishing interface captured during link moderation on our platform.
Figure 2: Live screenshot of the live scam infrastructure isolated on our infrastructure.

Bank Rakyat Indonesia (BRI) “Service Fee Change” Scam
Target: Customers of Bank Rakyat Indonesia (BRI)
Threat Level: Critical (BRIMO Mobile Banking & OTP Theft)
Phishing Method Description
This attack uses a “Price Hike Scare” tactic. Scammers distribute fraudulent messages via WhatsApp or SMS (Smishing), claiming that BRI is updating its monthly service fee to a much higher amount (e.g., 150,000 IDR). To “keep the old rate” or “refuse the increase,” the victim is pressured to click a link and provide their details.
The link leads to a high-fidelity clone of the BRIMO (BRI Mobile) login portal. This phishing kit is specifically designed to harvest:
Username and Password
ATM/Debit Card Number
Mobile Phone Number
SMS OTP (One-Time Password): The fake site prompts the victim for the 6-digit code in real-time. The attacker uses this code to authorize a fraudulent transfer or to register the victim’s account on their own device.

Red Flags to Watch For


The Deceptive URL: The official domain is bri.co.id. Phishing sites use lookalikes such as bri-tarif-baru.com, konfirmasi-bri.net, update-layanan-bri.online, or free subdomains like brimo-login.web.app.
Urgent WhatsApp Messages: BRI officially communicates through verified channels. If you receive a fee-change notice from a random mobile number on WhatsApp, it is 100% a scam.
Requesting your PIN/OTP: BRI will never ask for your mobile banking PIN or SMS OTP through a website link to “cancel a fee.”

How to Protect Yourself


Use the BRIMO App: Trust only the notifications and settings found inside your official BRIMO mobile app.
The “No Link” Rule: BRI states they will never send links via WhatsApp or SMS asking for personal login credentials. Always type www.bri.co.id manually into your browser.
Verify with Contact BRI: If you receive a suspicious message, call the official BRI hotline at 1500017 or visit an official branch to verify any policy changes.
OTP Security: Treat your SMS OTP as a secret key. Never share it, and never enter it on a page reached through a link.

Expert Security Tip:


This is a Social Engineering & Real-time Interception attack. Scammers create a fake “financial threat” (the new fee) to make you panic and give up your OTP. Remember: Banks do not ask you to “log in and verify” to cancel a service fee. If a site asks for your Username and OTP at the same time, it is a phishing trap.

Leave a comment

Your email address will not be published. Required fields are marked *