7 people who allegedly disclosed banking, Singpass details to scammers to be charged
Sign up now: Get ST's newsletters delivered to your inbox
The scams involved malware which resulted in losses from victims’ bank accounts.
PHOTO ILLUSTRATION: ST FILE
Follow topic:
SINGAPORE - Seven people, including three teenagers, will be charged over relinquishing their bank accounts and/or Singpass credentials for money laundering activities linked to banking-related phishing scams earlier in 2023.
These scams involved malware that resulted in losses from victims’ bank accounts, the police said in a statement on Wednesday.
The suspects, aged between 17 and 35, were arrested by officers from the Commercial Affairs Department of the Singapore Police Force and will be charged in court on Thursday.
Between June 7 and July 12, the police received several reports informing them that Android mobile devices were compromised, resulting in unauthorised transactions that were made from victims’ bank accounts.
The police said that these victims had not revealed their Internet banking credentials, one-time passwords or Singpass credentials to anyone. In these cases, the victims had responded to advertisements on social media platforms such as Facebook.
Those who responded to the advertisements were instructed by scammers to download an “Android Package Kit” (APK) from a non-official app store to facilitate the purchases. Malware was installed on the mobile devices of the victims who had downloaded the APK.
Through phone calls or text messages, the scammers convinced the victims to turn on accessibility services on their Android phones. This meant that the phones’ security was weakened and it allowed the scammers to take full control of the devices remotely.
The scammers could record every keystroke and steal banking credentials stored in phones. It allowed them to remotely log in to the victims’ banking apps, add money mules as payees, raise payment limits and transfer monies out to money mules.
They could also remotely delete SMS and e-mail notifications of the bank transfers to cover their tracks.
Among the seven suspects is a 17-year-old who had handed over his Internet banking credentials and ATM card to an unknown person in May.
The person had offered him at least $400 in return.
In June, an 18-year-old woman participated in an online investment scheme on Telegram which offered her at least $10,000 in return for using her two bank accounts.
In early June, a 19-year-old man revealed his Singpass and Internet banking credentials to an “online friend”.
In the same month, a 20-year-old man followed an advertisement on Telegram offering “fast cash” and disclosed his Internet banking credentials to an unknown person.
Between May and June, a 27-year-old man responded to an advertisement on Telegram which offered “fast cash”. He disclosed his and his wife’s Internet banking credentials to an unknown person.
In July, two men, aged 26 and 35, responded to a Telegram advertisement which offered “fast cash”. They disclosed their Internet banking credentials to unknown persons separately.
These accounts were believed to be used to launder criminal proceeds.
The offence of disclosing Singpass credentials carries an imprisonment term not exceeding three years or a fine not exceeding $10,000, or both, for a first-time offender.
Abetting unknown persons to secure unauthorised access to the bank’s computer system, for a first-time offender, carries a fine not exceeding $5,000, an imprisonment term not exceeding two years, or both.
The police reminded the public that individuals will be held accountable if they are found to be linked to such crimes.
For more information on scams, go to www.scamalert.sg
Anyone with information relating to such crimes should call the police hotline on 1800-255-0000, or submit it at www.police.gov.sg/iwitness
