At least 2 Android users lose nearly $100k of CPF savings in June in malware-related scams
Victims came across advertisements on social media and were given a link to download an Android Package Kit that contained malware.
Amanda Lee. JUN 17, 2023,
SINGAPORE – At least two Android users lost $99,800 of their Central Provident Fund (CPF) savings in June to scams involving malware.
The police said on Saturday that the victims came across advertisements marketing groceries like seafood on social media platforms, including Facebook.
The victims contacted the businesses through their social media platforms or WhatsApp.
They were sent a URL to download an Android Package Kit (APK) file, an application created for Android’s operating system, to order groceries and make payment.
APKs are installation files for Android apps that can be downloaded from the Internet and third-party app stores, instead of the Google Play Store.
Apps or APK files from the Internet or a third party could contain phishing malware.
The victims were unaware that the application contained malware that would allow scammers to access the victims’ devices remotely and steal passwords. These included Singpass passcodes, among other details stored in the victims’ devices.
“The scammer might also call the victims to ask for their Singpass passcode, purportedly to create an account on the application,” said the police.
Victims were directed to fake bank sites to key in their login credentials to make payment within the app.
The malware would capture the credentials entered.
The scammers were then able to access the victims’ CPF accounts remotely using the stolen Singpass passcode and make a request to withdraw funds through PayNow.
The police did not state the victims’ ages. CPF members can withdraw some of their savings when they turn 55 and receive monthly payouts under the CPF Life scheme when they reach the eligible age, which is currently 65.
Once the CPF funds were deposited into the victims’ bank accounts, the scammer accessed the victims’ bank applications and transferred the money out via PayNow.
The victims realised they had been scammed when they discovered unauthorised transactions on their bank accounts.
Woman loses nearly $30k after downloading third-party app via WhatsApp
Over 100 Android users lost $445k since March in phishing scams
The police warned of the dangers of downloading apps from third-party or dubious sites that can lead to malware being installed on their computers, mobile phones and other information technology devices.
Scammers trick victims into installing malware-infected apps that are not in the app stores, the police said, advising the public not to download any suspicious APK files as these may contain phishing malware.
People should update their devices with the latest security patches and report any fraudulent transactions to their banks immediately.
For more information, they can visit www.scamalert.sg or call the Anti-Scam Hotline on 1800-722-6688.
Anyone with information on scams can call the police hotline on 1800-255-0000 or submit details confidentially at www.police.gov.sg/iwitness
Mobile device users can also learn more about protecting themselves against malware at www.csa.gov.sg/alerts-advisories/Advisories/2021/ad-2021-008
Similar cases occurred here recently.
In May, a 34-year-old woman lost close to $30,000 after scammers took control of her phone when she downloaded a third-party app.
And at least 113 Android phone users have had their banking credentials stolen in phishing scams since March, with losses amounting to at least $445,000.
No comments:
Post a Comment