Mooncake Scam in Singapore 🇸🇬

The Online mooncake scam: 27 people lose $325,000 in a month.

Victims would contact the moon cake sellers and be directed to make payment through WhatsApp, but would be given links that led to malware. 

Reporter: Fatimah Mujibah

UPDATED 5 SEPT 2023, 11:20 PM SGT

   

SINGAPORE – A new scam involving mooncake sales on social media platforms has cost at least 27 victims around $325,000 in August alone, said the police on Tuesday.

After contacting the “sellers” through social messaging platforms to place orders for mooncakes advertised on Facebook and Instagram, the victims were directed through WhatsApp to make payment. But the links, the police said, led victims to download an Android Package Kit (APK) file, an application created for Android’s operating system, containing malware.

In some cases, victims were instructed to make PayNow or bank transfers to buy the mooncakes.

The scammers would then inform victims that their orders had to be cancelled due to production or manpower issues, and direct them to the malicious links for “refunds”.

After the APK file was downloaded and installed, the scammers would gain remote access to the victims’ devices, letting them steal passwords and retrieve banking credentials.

Victims later discovered unauthorised transactions from their banking accounts.

The police advised the public to adopt precautionary measures such as adding the ScamShield app, enabling two-factor or multifactor authentication for bank apps and setting transaction limits on Internet banking transactions.

The police also advised the public to ensure their devices have updated antivirus/anti-malware applications installed and to disable “Install Unknown App” or “Unknown Sources” in their phone settings.

Members of the public should download and install applications from only official app stores, and be wary if asked to download unknown apps to purchase items or services on social media platforms.

The police urged the public to report any fraudulent transactions to their bank immediately and to inform the authorities, family and friends about scams.

If individuals suspect that their phone is infected with malware, they should turn their phone to “flight mode”, run an antivirus scan on their phone, check their bank, Singpass and Central Provident Fund accounts for any unauthorised transactions using other devices, report it to the bank and relevant authorities, and lodge a police report.

For more information on scams, members of the public can visit www.scamalert.sg or call the anti-scam helpline on 1800-722-6688.

在线月饼骗局：27 人一个月内损失 325,000 美元。

 受害者会联系月饼卖家，并被引导通过 WhatsApp 进行付款，但会收到指向恶意软件的链接。

 记者：法蒂玛·穆吉巴

 更新于 2023 年 9 月 5 日，晚上 11:20（新加坡标准时间）

 新加坡——警方周二表示，仅 8 月份，一项涉及社交媒体平台上月饼销售的新骗局就已造成至少 27 名受害者损失约 325,000 美元。

 受害者通过社交通讯平台联系“卖家”订购Facebook和Instagram上广告的月饼后，被引导通过WhatsApp付款。 但警方表示，这些链接导致受害者下载了 Android Package Kit (APK) 文件，这是一款为 Android 操作系统创建的应用程序，其中包含恶意软件。

 在某些情况下，受害者被指示通过 PayNow 或银行转账来购买月饼。

 然后，诈骗者会告知受害者，由于生产或人力问题，他们的订单必须取消，并引导他们前往恶意链接进行“退款”。

 下载并安装 APK 文件后，诈骗者将远程访问受害者的设备，让他们窃取密码并检索银行凭证。

 受害者后来发现他们的银行账户存在未经授权的交易。

 警方建议公众采取预防措施，例如添加ScamShield应用程序、为银行应用程序启用双因素或多因素身份验证以及对网上银行交易设置交易限额等。

 警方还建议公众确保他们的设备已安装更新的防病毒/反恶意软件应用程序，并在手机设置中禁用“安装未知应用程序”或“未知来源”。

 公众应仅从官方应用商店下载和安装应用程序，如果被要求下载未知应用程序以在社交媒体平台上购买商品或服务，请保持警惕。

 警方敦促公众立即向银行举报任何欺诈交易，并向当局、家人和朋友通报诈骗情况。

 如果个人怀疑自己的手机感染了恶意软件，应将手机调至“飞行模式”，在手机上运行防病毒扫描，检查其银行、Singpass 和中央公积金账户是否存在使用其他设备进行的任何未经授权的交易，并报告 向银行和有关当局举报，并向警方报案。

 如需了解有关诈骗的更多信息，公众可以访问 www.scamalert.sg 或拨打反诈骗热线 1800-722-6688。