Over 100 Android users lost $445k since March in phishing scams
Sign up now: Get ST's newsletters delivered to your inbox
After spotting advertisements on social media, victims would contact the scammers through those platforms or on WhatsApp.
PHOTO: SINGAPORE POLICE FORCE
Follow topic:
SINGAPORE – At least 113 Android phone users had their banking credentials stolen in phishing scams since March, with losses amounting to at least $445,000.
The police said on Thursday that the victims had come across advertisements marketing home services or the sale of food items on social media platforms, including Facebook and Instagram.
The victims contacted the putative businesses through the platforms or via WhatsApp, and were sent a URL that redirected them to download an app to book the services or make their purchases.
Clicking on the URL took them to fake Internet banking log-in sites, where they then keyed in their banking details, including card information. The applications they downloaded contained malware that redirected victims’ banking credentials and SMS one-time passwords to the scammers.
“These would be used by scammers to access and make unauthorised transactions in the Android phone’s Internet banking app,” said the police, adding that victims realised they had been scammed only after noticing unauthorised transactions or charges to their cards being made.
“Always exercise caution when clicking on advertisements embedded within applications that lead to a third-party website that prompts downloads of files,” the police advised.
They also advised downloading apps only from official app stores, and checking the developer information as well as the number of downloads and user reviews to ensure that the app is legitimate.
Apps or Android Package Kit (APK) files from the Internet or a third-party could contain phishing malware. APKs are installation files for Android apps that can be downloaded from the Internet and third-party app stores, instead of the Google Play Store.
Users should also update their devices with the latest security patches, and disable the “Install Unknown App” or “Unknown Sources” in the device’s settings. “Do not grant permission to persistent pop-ups that request access to your device’s hardware or data,” the police added. Installing the ScamShield app and setting security features such as two-factor authentication are also recommended.
For more information on scams, people can visit www.scamalert.sg or call the Anti-Scam Hotline on 1800-722-6688. Anyone with information on such scams may call the police hotline on 1800-255-0000 or submit information confidentially online at www.police.gov.sg/iwitness
Mobile device users can also learn more about protecting themselves against malware at https:// www.csa.gov.sg/alerts-advisories/Advisories/2021/ad-2021-008
