 |
| Crazy Scam! Doctor Loses Nearly IDR 2 Billion After Fake Tax Officer Trick. (Illustration Image) |
A doctor identified as DT recently fell victim to a sophisticated scam that cost him nearly IDR 2 billion. The fraudster pretended to be a tax officer and successfully drained DT’s bank account at OCBC Bank.
The incident started on October 10, 2025, when DT received an official-looking letter requesting tax data clarification from the Medan Polonia Tax Office. Wanting to comply, DT visited the office on November 20, 2025, and submitted his documents to an officer named AR.
Things took a bad turn the very next day. DT received a WhatsApp message from an unknown number claiming to be a tax official. The sender said the message was related to DT’s 2025 annual tax report and sent a file that appeared legitimate.
“The message looked very convincing, complete with the official logo of the Directorate General of Taxes. But the file turned out to be fake. It was an APK called CORETAX1_0_69_20251029.apk,” DT told Poskota on Friday, January 23, 2026.
The scammer didn’t stop there. DT was guided through a video call and instructed step by step to download and install the app on his phone and laptop. During the process, the scammer warned DT not to touch his phone screen, threatening that the process would fail if interrupted.
The download process went back and forth for almost an hour. That’s when the account breach is believed to have happened. “A transaction notification from OCBC suddenly popped up for a moment. That’s when I started to feel something was wrong,” DT said.
After turning off his phone for about 10 minutes, DT realized the money in his account had already been transferred to several unknown accounts. According to him, the scammers attempted to access his account 14 times, with two failed attempts.
The fraud didn’t stop at one bank. At Bank Permata, two transactions were recorded: one IDR 10,000 administrative fee and another transfer of IDR 4.5 million that successfully went through. Meanwhile, an attempted breach at HSBC failed due to the bank’s security system.
DT immediately contacted OCBC and filed a police report under number STTLP/B/967/XI/2025/SPKT/POLSEK Medan Baru. He also reported the case to the Head of the Medan Polonia Tax Office, suspecting a possible leak of taxpayer data.
Bank and Authority Responses
OCBC stated that all transactions were processed according to standard banking procedures. However, DT expressed disappointment because there was no direct confirmation from the bank regarding the unusually large transactions.DT also believes OCBC’s mobile banking system still has weaknesses, including allowing access from multiple devices and having relatively high daily transaction limits.
In addition to the bank, DT reported the case to the Financial Services Authority (OJK), the Financial Transaction Reports and Analysis Center (PPATK), and the Payment Systems and Policy Department of Bank Indonesia. Although he initially faced difficulties reporting through the Indonesia Anti- Scam Centre (IASC), several institutions responded positively.
“As hacking methods become more advanced and data leaks are more common, banks should be more proactive in protecting customers’ funds,” DT said.