Watch out for scammers who ask for your phone number and passwords via Facebook messenger, the police warned in a Facebook post yesterday.
Scammers send messages to victims claiming that they have lost their phones and need the victims' phone numbers and a one-time password (OTP).
Such OTPs can be used for fraudulent purchases which are then charged to the victims' phone bills.
The scam is a resurgent one that first occurred last year.
There were 130 such cases received by the police between January and November last year, with at least $16,000 in total lost to scammers, the police said on their website.
Most of the cases involved scammers who sent their victims friend requests on Facebook. Some of them would create Facebook accounts that resembled those of their friends to ask for the victims' mobile phone numbers and what mobile service providers they used.
They would then make online purchases of gaming credits or online gift cards using the victims' mobile phone numbers.
These purchases were charged to the victims' phone lines after the latter gave their OTPs or verification codes to the scammers.
The victims would find out that they had been scammed only when they received their mobile phone bills.
At the same time, a similar scam via Facebook messenger has been making the rounds recently. In this scam, victims get a message with their photos in it.
The message claims that the victims are seen in a video and invite them to click on the link. It contains the user's profile picture and is titled after the user's name.
It says: "(User name) This video is yours?" and includes a high number of purported views. It also comes with an emoticon showing a surprised face.
According to a report by tech news site Bleepingcomputer.com in August last year, clicking on the link on Google Chrome takes victims to a fake YouTube channel with a malicious extension.
It is believed that scammers use the extension to push adware and collect credentials for new Facebook accounts that they use to perpetuate the scam.
Users who come across this scam should avoid clicking on the links, and reach out to the person who sent the message to advise him to change his account credentials.