SINGAPORE: The Public Affairs Department of the Singapore Police Force issued a statement over the weekend to alert the public to the emergence of scams involving malware that ended with money taken from bank accounts and Central Provident Fund (CPF) accounts.
In two such cases, CPF savings were lost, amounting to at least $99,800. The scammers’ modus operandi is as follows: A person would see an advertisement for groceries on social media platforms such as Facebook.
Those who were interested and contacted the scammers via messaging platforms, including WhatsApp, would be sent a uniform resource locator (URL).
The scammers would then tell their victims to download an Android Package Kit (APK) file, an application created for Android’s operating system, ostensibly for ordering and payment purposes.
“Unknown to the victims, the application would contain malware that allowed scammers to access the victims’ device remotely and steal passwords, including passwords (e.g. Singpass passcode) stored in the device. The scammer might also call the victim to ask for their Singpass passcode, purportedly to create an account on the application,” the police wrote.
After this, the unwitting customers would be directed to fake bank application login sites and asked for their banking credentials so they could make payments.
“The malware with keylogging capabilities would then capture the credentials keyed by the victim in the fake banking sites and send it to the scammer.
The scammers would then access the victim’s CPF account remotely using the stolen Singpass passcode and request to withdraw the victim’s CPF funds via PayNow.
Once the CPF funds are deposited into the victims’ bank accounts, the scammer will access the victims’ banking application and transfer the CPF funds away via PayNow.”
When victims checked their bank accounts and discovered unauthorized transactions, they would realize that they had been scammed.
“The Police would like to remind members of the public of the dangers of downloading applications from third-party or dubious sites that can lead to malware being installed on victims’ mobile phones, computers, and other Information Communications Technology (ICT) devices.
Scammers will trick victims into installing malware-infected applications outside the app store. Members of the public are advised not to download any suspicious APK files on their devices as they may contain phishing malware,” wrote the police, urging everyone to follow these precautionary measures:
- ADD – anti-virus/anti-malware applications to your device. Regularly update your devices’ operating systems and applications to be protected by the latest security patches. Disable “Install Unknown App” or “Unknown Sources” in your phone settings. Do not grant permission to persistent pop-ups that request access to your device’s hardware or data.
- CHECK – the developer information on the application listing and the number of downloads and user reviews to ensure it is a reputable and legitimate application. Only download and install applications from official app stores (i.e., Google Play Store for Android).
- TELL – Authorities, family, and friends about scams. Report any fraudulent transactions to your bank immediately.
People who are aware of scams should report them to the Police Hotline at 1800-255-0000, or submit a report online at www.police.gov.sg/iwitness. Those who need urgent assistance should dial 999. /TISG