PT Bank Central Asia Tbk (BCA) urges customers to be vigilant against phishing scams via fake websites impersonating the bank, following social media reports of business customers losing billions of rupiah. EVP Corporate Communication & Social Responsibility BCA, Hera F Haryn, stated that the company has coordinated with the affected customer and confirmed the bank's systems are secure.
Jakarta – PT Bank Central Asia Tbk (BCA) issued a warning on Sunday (January 25, 2026) urging customers to be cautious of various scam tactics, particularly phishing via fake websites. The advisory follows social media reports of business customers suffering losses of up to billions of rupiah from misdirected fund transfers.
EVP Corporate Communication & Social Responsibility BCA, Hera F Haryn, explained that the bank has communicated with the affected customer and conducted an investigation. "Based on the chronology provided by the customer and our tracing results, this incident is a phishing scam via a fake website," Hera said in her statement.
Hera added that internal checks confirmed BCA's systems remain secure. Thus, BCA emphasizes that customers should not share sensitive data such as Appli Token Key BCA, PIN, OTP, and passwords. Customers are advised to use only official channels: the haloBCA app, Halo BCA number 1500888 (without 021 or +0621 prefixes), WhatsApp Bank BCA 08111500998 (with blue tick), Instagram @goodlifebca (blue tick), and website www.bca.co.id.
The case first went viral via Instagram account @realmrbert, which noted the victim should have accessed KlikBCA Bisnis through vpn.klikbca.com. Instead, the victim fell for a fake site starting with 'vpk', which mimicked the official site's appearance, diverting funds to the scammer's account. Meanwhile, account @tommy******** reported a loss of Rp500 million—intended as employee salaries—after accessing a fake site via Google search.