What the official warning actually said
The 26 January 2026 DJP article made a very specific point: official access to Coretax DJP is only through coretaxdjp.pajak.go.id, and lookalike domains should be treated as fake and dangerous. The same message fits with DJP's Coretax portal page, which points users to that exact login route. The article also stresses that Coretax is a web-based system rather than an application taxpayers should be downloading from random sources.
Why this deserves to count as tax news
In a digital tax system, secure access is not a side issue. If a taxpayer hands credentials to a fake portal or follows a spoofed update path, the result can be missed filings, compromised data and disrupted compliance. This is why the DJP warning matters beyond general cybersecurity advice. It sits inside the real administration of tax obligations.
What taxpayers should do differently now
The simplest practical rule is also the best one: begin at pajak.go.id or type the official Coretax domain directly, and do not trust links sent through unsolicited messages. Tax compliance used to be about dates, forms and payments. In a platform environment, it is also about verified digital pathways.
Educational content only
Commentary reflects the state of the law as of January 26, 2026. Tax rules change and your facts matter — confirm anything important with a qualified professional or the cited official source before acting.