// Adds dimensions UUID, Author and Topic into GA4
Friday, July 10, 2026
29.4 C
Singapore

Two scam victims lost $99,800 in CPF savings after downloading malware-infested apps via fake Facebook ads

SINGAPORE: The Public Affairs Department of the Singapore Police Force issued a statement over the weekend to alert the public over the emergence of scams involving malware that ended with money taken from bank accounts and Central Provident Fund (CPF) accounts.

In two such cases, CPF savings were lost, amounting to at least $99,800. The scammers’ modus operandi is as follows: A person would see an advertisement for groceries on social media platforms such as Facebook.

Screenshot 2023 06 19 at 3.11.49 PM

Those interested and contacted the scammers via messaging platforms, including WhatsApp, would be sent a uniform resource locator (URL).

The scammers would then tell their victims to download an Android Package Kit (APK) file, an application created for Android’s operating system, ostensibly for ordering and payment purposes.

“Unknown to the victims, the application would contain malware that allowed scammers to access the victims’ device remotely and steal passwords, including passwords (e.g. Singpass passcode) stored in the device. The scammer might also call the victim to ask for their Singpass passcode, purportedly to create an account on the application,” the police wrote.

After this, the unwitting customers would be directed to fake bank application login sites, and their banking credentials would be asked for so they could make payments.

“The malware with keylogging capabilities would then capture the credentials keyed by the victim in the fake banking sites and send it to the scammer.

The scammers would then access the victim’s CPF account remotely using the stolen Singpass passcode and request to withdraw the victim’s CPF funds via PayNow.

Once the CPF funds are deposited into the victims’ bank accounts, the scammer will access the victims’ banking application and transfer the CPF funds away via PayNow.”

As victims check their bank accounts and discover unauthorized transactions, they would realize that they have been scammed.

“The Police would like to remind members of the public of the dangers of downloading applications from third-party or dubious sites that can lead to malware being installed on victims’ mobile phones, computers, and other Information Communications Technology (ICT) devices.

Scammers will trick victims into installing malware-infected applications outside the app store. Members of the public are advised not to download any suspicious APK files on their devices as they may contain phishing malware,” wrote the police, urging everyone to follow these precautionary measures:

  • ADD – anti-virus/anti-malware applications to your device. Regularly update your devices’ operating systems and applications to be protected by the latest security patches. Disable “Install Unknown App” or “Unknown Sources” in your phone settings. Do not grant permission to persistent pop-ups that request access to your device’s hardware or data.
  • CHECK – the developer information on the application listing and the number of downloads and user reviews to ensure it is a reputable and legitimate application. Only download and install applications from official app stores (i.e., Google Play Store for Android).
  • TELL – Authorities, family, and friends about scams. Report any fraudulent transactions to your bank immediately.

People who are aware of scams should report these to the Police Hotline at 1800-255-0000, or submit it online at www.police.gov.sg/iwitness. Those who need urgent assistance should dial 999. /TISG

Grab driver allegedly scammed of $172,000 by CarTimes salesman

- Advertisement -

Hot this week

RM777 billion and climbing: Malaysia’s ASEAN trade hits all-time high as ports break global rankings

Malaysia's trade with ASEAN hit a record RM777.61 billion in 2025, with Port Klang ranking among the world's top 10 busiest container ports and the Port of Tanjung Pelepas crossing 14 million TEUs ...

‘Inconsiderate driver’: Vehicle blocks sheltered pick-up point during heavy rain that caused congestion and stranded passengers

On Facebook, a netizen claimed: "Inconsiderate driver. During the heavy rain, many vehicles and passengers were waiting to use the sheltered pick-up point. However, the driver occupied the designat...

Popular Categories

document.addEventListener("DOMContentLoaded", () => { const trigger = document.getElementById("ads-trigger"); if ('IntersectionObserver' in window && trigger) { const observer = new IntersectionObserver((entries, observer) => { entries.forEach(entry => { if (entry.isIntersecting) { lazyLoader(); // You should define lazyLoader() elsewhere or inline here observer.unobserve(entry.target); // Run once } }); }, { rootMargin: '800px', threshold: 0.1 }); observer.observe(trigger); } else { // Fallback setTimeout(lazyLoader, 3000); } });
// //
Enable Notifications OK No thanks