PSA: Potential Compromised Indonesia/Bali E-Visa Website

looks on 16/03/2026 - 12:52
Last edited 16/03/2026 - 12:54

A Reddit user applied for three B1 e‑visas via the official portal and, within 24 hours, received a phishing email from noreplyarrivalcardidn@arrivalcardsubmission.online that:

  • Included the correct full names of all applicants and the correct official confirmation/registration number from their e‑visa application
  • Claimed to be from Indonesian Immigration and said you must pay for an “arrival card” via a link (arrivalcardsubmission.online) that tries to get you to buy USD‑backed crypto

Because the scammers had accurate application data so quickly, there’s concern that either the official e‑visa system or someone with internal access is leaking recent applicants’ details, not just scraping random emails.

For Aussies headed to Bali and Indonesia in general, note:

  • The “arrival card” in that email is a scam – ignore and delete it
  • The legitimate, free online arrival card is only at https://allindonesia.imigrasi.go.id/ or the official “All Indonesia” app, which gives you a QR code checked at the airport
  • Real Indonesian government domains end in .go.id, not .online

Has anyone here who recently used the official e‑visa site, received similar emails or noticed anything suspicious after paying for Bali visas online?
There was someone also who mentioned their Wise credit card was also used for unauthorized transactions after using the official site.

Maybe better to get the VOA at the airport instead of online.

Travel Asia Bali Indonesia Travel Visa

Comments

Best
Search through all the comments in this post.
  • MS Paint on 16/03/2026 - 13:12
    +6

    Added to my already comprehensive list of why never to waste my time going to Bali. Cheers

    • Wiadro on 16/03/2026 - 13:57
      +1

      i didnt get scammed on a visa application, it was so simple tbh

    • foursaken on 16/03/2026 - 14:56

      Is this above or below methanol poisoning?

      • MS Paint on 16/03/2026 - 15:50

        They are all the number 1 reason not to go.

        • foursaken on 17/03/2026 - 09:17

          I feel you

        • Muppet Detector on 31/03/2026 - 16:04
          -2

          But its number 2 that gives you the shits.

  • ShanOZ on 18/03/2026 - 17:37
    +1

    It happened with me today, applied visa for a family and within 3 hours got this phishing email, and it has our full name and the exact reference number that was given by the official email so the leak is serious and real time.
    Would anyone know what are our options now considering they have our passport details ?

  • bargaino on 16/03/2026 - 23:07

    Modern version of Virus alert!

  • wetsandwich on 30/03/2026 - 13:28

    Every third world country government database/website is a totally compromised disaster. They are the places that shouldn't try to go digital (though we should). It's pretty much your entire identity handed over to scammers the moment you submit it.

Login or Join to leave a comment
Login Join