SINGAPORE – Ten suspects, including a 16-year-old, were arrested by the police for their suspected involvement in the recent spate of banking-related malware scams that have plagued Android users.
The malware resulted in unauthorised transactions being made from victims’ bank accounts.
The suspects were rounded up during an islandwide operation between July 31 and Aug 11 that targeted scammers, with the officers responsible for the arrests coming from the Commercial Affairs Department and Police Intelligence Department.
Six other people, aged between 17 and 60, are assisting in investigations.
The police said in a statement on Saturday that they have seen an increase in the number of reports of Android phones being compromised by malware, which led to unauthorised banking transactions.
This occurred despite victims not disclosing their Internet banking credentials, one-time passwords or Singpass credentials to anyone.
The police said the victims fell prey to these scams after responding to advertisements on social media platforms, whereupon scammers would instruct them to download Android Package Kit files from third-party app stores in order to make purchases.
Instead of a legitimate app, however, malware would be installed on their phones, with scammers urging the victims to enable accessibility services on their devices.
In doing so, their phones became vulnerable and this allowed scammers to take full control of the devices, including enabling them to record every keystroke and steal banking credentials stored on the phone.
The scammers could then remotely log in to victims’ banking apps, add money mules as payees, raise payment limits and transfer money. They could also erase their tracks by deleting SMS and e-mail notifications that the banks issued.
The police said the 10 suspects allegedly facilitated scam cases by giving up their bank accounts, Internet banking credentials and, in some cases, Singpass credentials for monetary gain.
Urging the public to exercise caution when downloading apps, the police said suspicious links, QR codes, third-party websites and unknown sources should be avoided.
Besides downloading apps from official app stores, they recommend checking the number of downloads and user reviews before clicking on the install button.
“Always be wary of any requests for banking credentials, money transfers or attractive offers that sound too good to be true.
“Members of the public are advised to turn on security settings, such as disallowing installation of apps from unknown sources, to help protect their devices,” said the police.
If found guilty of acquiring benefits from criminal conduct, the suspects can be jailed for up to 10 years, fined up to $500,000, or both.
For deceiving banks into opening bank accounts that were not meant for their own use and relinquishing their bank account log-in details, the suspects are liable for two separate offences.
If found guilty of cheating, they can be jailed for up to three years, fined, or both. For breaking the law under the Computer Misuse Act, they can be jailed for up to two years, fined up to $5,000, or both.
For disclosing their Singpass credentials, they can be jailed for up to three years, fined up to $10,000, or both.
For more information on scams, members of the public can visit www.scamalert.sg or call the Anti-Scam Helpline on 1800-722-6688.
