Online mooncake scam: 27 people lose $325,000 in a month

Victims would contact the mooncake sellers and be directed to make payment through WhatsApp, but would be given links that led to malware. PHOTOS: SINGAPORE POLICE FORCE

SINGAPORE – A new scam involving mooncake sales on social media platforms has cost at least 27 victims around $325,000 in August alone, said the police on Tuesday.

After contacting the “sellers” through social messaging platforms to place orders for mooncakes advertised on Facebook and Instagram, the victims were directed through WhatsApp to make payment via links. But the links, the police said, led victims to download an Android Package Kit (APK) file, the installable package format for Android apps, containing malware.

In some cases, victims were instructed to make PayNow or bank transfers to buy the mooncakes.

The scammers would then inform victims that their orders had to be cancelled due to production or manpower issues, and direct them to the malicious links for “refunds”.

After the APK file was downloaded and installed, the scammers would gain remote access to the victims’ devices, letting them steal passwords and retrieve banking credentials.

Victims later discovered unauthorised transactions from their banking accounts.

The police advised the public to adopt precautionary measures such as adding the ScamShield app, enabling two-factor or multifactor authentication for bank apps and setting transaction limits on Internet banking transactions.

The police also advised the public to ensure their devices have updated antivirus/anti-malware applications installed and to disable “Install Unknown App” or “Unknown Sources” in their phone settings.

Members of the public should download and install applications from only official app stores, and be wary if asked to download unknown apps to purchase items or services on social media platforms.

The police urged the public to report any fraudulent transactions to their bank immediately and to inform the authorities, family and friends about scams.

If individuals suspect that their phone is infected with malware, they should turn their phone to “flight mode”, run an antivirus scan on their phone, use other devices to check their bank, Singpass and Central Provident Fund accounts for any unauthorised transactions, report it to the bank and relevant authorities, and lodge a police report.

For more information on scams, the public can visit www.scamalert.sg or call the anti-scam helpline on 1800-722-6688. They can also check for scams using the ScamShield WhatsApp bot at https://go.gov.sg/scamshield-bot.
