SINGAPORE: In a breakthrough against banking-related malware scams, Singaporean authorities have arrested 11 men and one woman between the ages of 17 and 40 for their suspected involvement in facilitating a series of scams. The arrests come after an island-wide anti-scam enforcement operation conducted from Oct 9 to Oct 20.
Over the past two weeks, officers from the Commercial Affairs Department (CAD) and Police Intelligence Department (PID) collaborated on a simultaneous island-wide operation, leading to the apprehension of the suspects. Preliminary investigations have revealed that the 12 individuals allegedly played a key role in these scams by relinquishing their bank accounts and Internet banking credentials and/or disclosing Singpass credentials in exchange for monetary gains.
The surge in these cases began in January 2023, with the police receiving a growing number of reports about malware compromising Android mobile devices. These malicious programs resulted in unauthorized transactions from victims’ bank accounts, even when they had not disclosed their Internet banking credentials, One-Time Passwords (OTPs), or Singpass credentials to anyone.
In these cases, victims typically responded to advertisements on social media platforms, such as Facebook, promoting services like cleaning, pet grooming, or food items. Scammers instructed victims to download Android Package Kits (APK) from non-official app stores to facilitate their purchases, leading to malware being surreptitiously installed on their mobile devices.
Subsequently, scammers coerced victims through phone calls or text messages to enable accessibility services on their Android phones, weakening the devices’ security. This allowed scammers to gain full control of the victims’ phones, logging every keystroke and stealing stored banking credentials.
Scammers could then remotely access victims’ banking apps, add money mules as payees, raise payment limits, and transfer money to these accomplices, all while deleting SMS and email notifications of the bank transactions to cover their tracks.
The ongoing police investigations have identified several charges that these individuals will face. The offence of acquiring benefits from criminal conduct under Section 54(5)(a) of the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act 1992 carries a maximum penalty of up to 10 years in prison, a fine of up to $500,000, or both.
For their involvement in deceiving banks into opening accounts not meant for personal use and for divulging their bank account login details, they are liable under Section 417, read with Section 109 of the Penal Code 1871 and Section 3(1) of the Computer Misuse Act 1993, respectively.
The offence of cheating under Section 417 of the Penal Code 1871 carries a maximum sentence of up to three years in prison, a fine, or both. Meanwhile, the offence under Section 3(1) of the Computer Misuse Act 1993 carries a fine of up to $5,000, an imprisonment term of up to two years, or both.
For disclosing their Singpass credentials under Section 8 of the Computer Misuse Act 1993, they are subject to an imprisonment term not exceeding three years, a fine of up to $10,000, or both.
The police have also issued a public advisory urging citizens to exercise caution when using mobile apps. They emphasize not clicking on suspicious links, scanning unknown QR codes, or downloading mobile apps from third-party websites or unknown sources, as unverified apps may contain malware, severely compromising device security.
The public is encouraged to only download apps from official app stores, check the number of downloads and user reviews before downloading any app, and be wary of any requests for Singpass and banking credentials or money transfers.
To help protect their devices, individuals are advised to activate security settings, disallowing the installation of apps from unknown sources.
The police have asserted their commitment to tracking down cybercriminals responsible for banking-related malware incidents, and they will continue taking stringent enforcement actions against those who violate the law.
The public is also urged to reject attractive money-making opportunities that require using their Singpass accounts, bank accounts, or personal bank accounts for receiving and transferring money on behalf of others to avoid becoming accomplices in these crimes.
For more information on scams, members of the public can visit www.scamalert.sg or call the Anti-Scam Helpline at 1800-722-6688. Those with information on such scams may contact the Police Hotline at 1800-255-0000 or submit information online at www.police.gov.sg/iwitness, with the assurance that all information will be kept strictly confidential.