Mooncake buyers lose over S$300,000 to Android malware scams
SINGAPORE: At least 27 victims have fallen to mooncake scams perpetrated on social media platforms and involving a malicious Android mobile application.
Total losses in August have amounted to at least S$325,000 (US$238,740), said the police on Tuesday (Sep 5).
Victims would come across advertisements for the sale of mooncakes on Facebook and Instagram in this new scam variant.
They would then be contacted by scammers on WhatsApp and directed to malicious links to make payments.
"These malicious links will lead victims to download an Android Package Kit (APK) file," said the police.
These files, created for the Android operating system, contain malware.
The police added that in some cases, victims were first instructed to make PayNow or bank transfers for the payment of mooncakes. They would then be told that their orders had to be cancelled due to "production or manpower issues".
To obtain a refund, the victims would be told to download and install an APK file, granting scammers access to their devices remotely to steal passwords and retrieve banking credentials.
"Subsequently, victims discovered unauthorised transactions from their banking accounts," said the police.
The police said in March at least 168 people were cheated of at least S$20,000 while trying to buy seasonal food items online such as black gold musang king durian, cherries and wagyu beef.
Advisory on e-commerce scams
- Add ScamShield App and set security features like two-factor (2FA) or multifactor authentication for banks, social media, Singpass accounts and transaction limits on internet banking transactions, including PayNow.
- Check for scam signs with official sources, such as by visiting the scam alert website or calling the Anti-Scam Hotline at 1800-722-6688.
- Purchase only from authorised sellers or reputable sources and be wary of purported time-sensitive deals.
- Avoid making upfront payments to bank accounts belonging to unknown individuals and, whenever possible, avoid making advance payments or direct bank transfers to the seller.
- Always verify the seller’s profile through customer reviews and ratings.
- Tell authorities, family, and friends about the scam so they do not fall for it. Report the fraudulent pages to Whatsapp to initiate in-app blocking, while fraudulent transactions should also be reported to banks immediately.
"The police would like to remind members of the public of the danger of downloading apps from third-party or dubious sites."
Those who have downloaded and installed a suspicious app, or suspect their phone may be infected with malware should turn their phone to "flight mode".
After checking that the Wi-Fi is switched off, run an anti-virus scan. Victims should also check their bank account, Singpass and CPF for any unauthorised transactions using other devices.
"If there are unauthorised transactions, report to the bank, relevant authorities, and lodge a police report."