Indonesian bank warns over imposter social media pages advertising 'lucky draw'

  • Published on March 4, 2024 at 10:00
  • 3 min read
  • By AFP Indonesia
An Indonesian state-owned bank has warned social media users not to be misled by imposter Facebook pages promoting a "prize draw" in its name. The pages -- which were not verified -- shared posts that had the hallmarks of a phishing scam. 

One Facebook post promoting the purported "prize draw" contained the logo of Indonesian state-owned Bank Negara Indonesia (BNI) (archived link).

Shared by an unverified page called "BNI Promotion Rewards" on February 26, 2024, it included an image of two people wearing a uniform for the bank's employees (archived link).

The Indonesian-language text on the image reads: "Prize Draw Celebration".

The post's caption reads in part: "Latest BNI 2024 Promotion. Exclusive for BNI customers who have activated mobile banking.

"Thunderous BNI Fortune is for you active BNI customers. Please register for the Thunderous BNI Fortune and directly get rewards such as main rewards: 1 unit house, 5 units of Scopy motorcycle, 1 unit of Alphard car, 3 tickets to Singapore, 4 units 50 inch TV".

Screenshot of the false post, taken on February 28, 2024

AFP found the post contained a link that directed users to a website which then invited them to enter a phone number.

Following the submission of a contact number, the website then asked users if they were BNI customers before requesting them to share their debit card details.

Screenshot of the fraudulent website asking users to enter banking credentials

Similar false posts promoting purported BNI's prize draw were also shared on other Facebook pages featuring the bank's logo, including here, here and here.

Some social media users appeared to believe that the post was genuinely from the bank.

"I have completely registered and now waiting for the result," commented one user.

"I am interested in opening a BNI account," says another user.

However, a BNI representative told AFP on February 28, 2024 that neither the pages nor the posts were related to the bank and warned its customers to be wary of such social media accounts.

"Don't reveal personal information such as OTP code, PIN, User ID, CVC (Card Verification Code) and e-banking passwords to other parties," the representative said.

The imposter Facebook pages had almost no followers, while BNI's verified Facebook page -- identifiable from its blue check mark -- has more than 437,000 followers (archived link).

Below is a comparison of one of the fraudulent Facebook pages (left) and BNI's page (right):

Screenshot comparison between the fake page (left) and the genuine BNI''s Facebook page (right)

AFP put the false post's URL into VirusTotal -- an online malware and virus scanner -- and found it was flagged as malicious by at least three security vendors (archived link).

Is there content that you would like AFP to fact-check? Get in touch.

Contact us