Victims lose about S$220,000, including CPF savings, in Android malware scams
A 16-year-old was among nine people arrested for their suspected involvement in the phishing scam.
SINGAPORE: A 16-year-old suspect was among nine people arrested for their suspected involvement in a recent spate of malware scams targeting Android mobile device users.
Victims lost more than S$221,000 (US$164,000), including more than S$114,000 in CPF savings, since late May, said the Singapore Police Force (SPF) on Saturday (Jun 24).
Malware was used to compromise their mobile devices, resulting in unauthorised transactions from the victims’ bank accounts even though they did not reveal their internet banking credentials, one-time passwords or Singpass credentials to anyone.
In some cases, CPF savings were withdrawn and credited to victims' bank accounts before being transferred out.
According to the police, victims had responded to advertisements on social media platforms like Facebook and were instructed by scammers to download mobile apps from third-party sites or via WhatsApp, resulting in malware being installed on their mobile devices.
"Unknown to the victims, the mobile applications, which contained the malware, enabled the scammers to access the victims’ mobile devices remotely and steal internet banking credentials, OTPs, Singpass credentials and other personal information found in the devices," said the police.
"With the stolen credentials, the scammers gained illegal access to the victims’ CPF accounts by accessing the victims’ Singpass app and bank accounts."
The suspects, aged between 16 and 28, were arrested during a five-day islandwide operation that ended on Jun 23.
Seven of them allegedly facilitated the scams by relinquishing their bank accounts, internet banking credentials or by disclosing their Singpass credentials for monetary gains.
Two suspects are believed to have withdrawn money from some of the money mules’ bank accounts and handed the money to unknown people, said the police.
Another three people are assisting in the investigations.
A mobile phone and several bank cards were seized by the police. About 20 bank accounts were also frozen with a sum of more than S$54,000 seized.
Police investigations are ongoing.
"The police would like to remind members of the public that they should not click on suspicious links, scan unknown QR codes, or download mobile apps from third-party websites or unknown sources," said SPF.
"These unverified apps may contain malware, which can severely compromise the security of the mobile devices."
The police added that members of the public should only download apps from official app stores, and check the number of downloads and user reviews.
Those with information relating to scams can call the police hotline at 1800-255-0000 or submit online.