23/07/2023

Scams & Not Scams

How Malware takes remote control of your HP after you download 3rd party apps

Update 20 Jan 2024: 
Artificial Intelligence Impersonation

Fake advertisements that name Prime Minister Lee Hsien Loong and use his image to promote crypto scams, among others, have been seen on the Internet recently, Mr Lee said on Facebook on Saturday night.

He said such advertisements, which tend to surface after a major speech or announcement with lots of media coverage, have re-emerged in the past few days.

“If the ad uses my image to sell you a product, or asks you to invest in some scheme, or even uses my voice to tell you to send money, it’s not me,” he added.


Spate of Online Scams

An online order for grouper fillets that was supposed to cost $10 ended up costing one woman more than $44,000 after scammers took control of her Android phone and banking details remotely.

Ms Jacqueline Khoo, 58, lost $44,487 from two credit card accounts and three bank savings accounts from POSB in a few hours after she clicked on a link to download a third-party app, following which scammers then increased her credit limits and siphoned out her money. Ms Khoo had chanced upon a Facebook advertisement for grouper fillets from a seafood supplier called “Fresh Market TGS” on Aug 25.

She was attracted by a deal that offered $10 grouper fillet with free shipping and contacted the seller on Facebook. “Although I never bought anything from Facebook before, I had previously bought fish and pork from Shopee and Qoo10. I was not suspicious of the ad and it never occurred to me that this was a scam,” she told The Straits Times.


DBS says letter on online banking account deactivation is legitimate
A letter telling users that their bank accounts have been temporarily deactivated are legitimate, said DBS on Friday. PHOTO: WHATSAPP

A letter telling users that their online banking accounts have been temporarily deactivated is legitimate, DBS Bank said on Friday.

The bank made the clarification after a WhatsApp message of the letter, with a warning of “fraudulent letters posing as DBS mailers”, made the rounds. An image of the letter made its rounds on Facebook and WhatsApp on Friday, with an alert urging people to warn their friends and family about the alleged scam.

In a Facebook post on Friday, DBS said that it is aware of the messages going around. “We would like to clarify that this letter from DBS Bank is legitimate, and urge members of the public not to share or forward such messages when received,” it added. The intent of the letter is to inform customers that the bank has temporarily deactivated their digibank access after several unsuccessful login attempts were detected, the bank said, adding that this is a precautionary measure put in place to customers against scammers.


DBS 4 h

We are aware of social media/ WhatsApp/ SMS messages claiming that a letter titled “Your DBS digibank has been deactivated” (pictured) is fraudulent. We would like to clarify that this letter from DBS Bank is legitimate, and urge members of the public not to share or forward such messages when received.

The letter's intent is to inform the customer that we have temporarily deactivated his/her digibank access after detecting several unsuccessful log-in attempts, which is a precautionary measure we have in place to safeguard our customers against scammers.

To verify the authenticity of such correspondence, please check with us directly via our DBS Help & Support page https://www.dbs.com.sg/personal/support/home.html. Our customers can also call our dedicated 24/7 fraud reporting hotline at 1800 339 6963 for assistance.


Scammers target PM Lee in fake online ads
In his post, Prime Minister Lee Hsien Loong attached a screenshot showing a fake CNA report. PHOTO: FACEBOOK/PM LEE

Fake advertisements that name Prime Minister Lee Hsien Loong and use his image to promote crypto scams, among others, have been seen on the Internet recently, Mr Lee said on Facebook on Saturday night.

He said such advertisements, which tend to surface after a major speech or announcement with lots of media coverage, have re-emerged in the past few days.

“If the ad uses my image to sell you a product, or asks you to invest in some scheme, or even uses my voice to tell you to send money, it’s not me,” he added.


Lee Hsien Loong 13h

I often find that when there has been a lot of media coverage after a major speech or announcement, scammers will capitalise on this and use my image to run crypto scams and fake ads.

If the ad uses my image to sell you a product, asks you to invest in some scheme, or even uses my voice to tell you to send money, it's not me. :)

Such ads have popped up again in the past few days. I’ve been made aware of this, thanks to alert Singaporeans who took the time to write in. I came across some myself while surfing the internet. I have reported the fake ads to the relevant teams.

If you come across scams, fake news or ads, like the screenshot you see here, please do not respond to them! You can report them via the official ScamShield Bot on WhatsApp at https://go.gov.sg/scamshield-bot.

If you have fallen victim to an online scam, you can lodge an online police report at go.gov.sg/police-report.

Let us do our part by staying vigilant against scams. – LHL


Flyer with QR code to redeem free blood pressure device not a scam: AIA Singapore
The flyer had grammatical and punctuation errors, which are known telltale signs a message could be a scam. PHOTO: ST READER

A flyer encouraging households here to scan a QR code to redeem a free blood pressure device is legitimate and not a scam, said insurance firm AIA Singapore on Wednesday.

According to the website linked to the QR code, an AIA financial services consultant will provide a financial sharing session to those who sign up to redeem the device. A photo of the flyer made its rounds on social media and the HardwareZone forum on Tuesday, with many netizens believing it was a scam. Users of the forum urged others not to scan the QR code, fearing it could contain malware. The Straits Times noticed the flyer contained grammatical and punctuation errors, which are often telltale signs of scam messages.

AIA Singapore told ST it had engaged a vendor, We Care For SG, to conduct marketing activities with its authorised insurance representatives. The AIA spokesman said: “Our customers can be assured that this is not a scam and that integrity is at the core of AIA’s business. All representatives of AIA Singapore are also held to the highest professional standards.” He added: “We take a zero-tolerance policy to any form of dishonest acts that compromise the integrity of the industry, our business or the trust of our customers, and such acts will be dealt with promptly and without compromise.”


The global scam pandemic hits Singapore

Scams in Singapore has over the years become so rampant that it has overtaken most typologies to form a significant proportion of overall crime in 2022. A total of 31,728 scam cases were reported in 2022, an increase of 32.6% compared to 2021. This translates to a total loss of $660.7 million in 2022, and an increase of 4.5% compared to 2021.

In an attempt to battle the menace, the Singapore Police Force has separated scams from its annual crime number statistics. The first time that the national police have ever done so for a particular type of crime. If we have to give a persona to a scam victim, most of us would probably think of someone who’s past retirement age. But the statistics tell us that this is a myth; more than half (53%) of scam victims were between the age of 20 and 39 years old.

The most common types of scams in 2022 include:
  • Phishing scam (7,097 cases, increase of 41.3%)
  • Job scam (6,492 cases, increase of 29.9%)
  • E-Commerce scam (4,762 cases, increase of 74.5%)
  • Investment scam (3,108 cases, increase of 26.0%)
  • Fake Friend Call scam (2,106 cases, increase of 207.0%)


Singapore woman loses S$199,996 in deceptive shopping app scam

Once again, another victim has fallen prey to an online scam involving a malicious app and impersonation of a police official.

A 56-year-old woman in Singapore, who simply wanted to buy affordable drinks online, tragically ended up losing S$199,996 after downloading a deceptive “shopping app” as instructed by the seller. The incident was reported by Lianhe Zaobao, a local Chinese media outlet, where the victim, Ms. Lee, shared her harrowing experience.

The self-employed individual came across a Facebook page for a purported “grocery store” on 4 June, offering beverages at unusually low prices. With an upcoming family gathering in mind, she messaged the seller privately on Facebook, providing her phone number and later communicating via WhatsApp.


At least $25.5 million lost to investment scams since June
The police said the victims were duped into "investing” in cryptocurrencies and stocks among others. PHOTO: ST FILE

At least 498 people have lost a total of no less than $25.5 million to investment scams since June.

The police said on Wednesday that the victims were duped into parting with their money for “investments” in cryptocurrencies and stocks, among others.

They had been approached by scammers through various channels, including social media platforms such as Facebook and Instagram, communications apps Telegram and WhatsApp, as well as dating apps such as Coffee Meets Bagel and TanTan.

related:


134 victims lose $375,000 in just over a month to govt agency impersonation scams
Victims received unsolicited phone calls or in-app video calls, allegedly from government agencies. PHOTOS: SINGAPORE POLICE FORCE

At least 134 people lost $375,000 to impersonation scams involving supposed government agencies between June 1 and July 12, the police said on Monday.

The scam involves victims receiving unsolicited phone calls or in-app video calls, allegedly from government agencies such as the Singapore Police Force or the Ministry of Manpower, the police added.

The scammers would claim that there were issues with the victim’s bank accounts which required additional verification.



POLICE ADVISORY ON RE-EMERGENCE OF IMPERSONATION SCAMS INVOLVING GOVERNMENT AGENCIE

The Police would like to alert the public to a persistent trend of a scam variant involving the impersonation of government agencies. Between 1 June 2023 to 12 July 2023, at least 134 victims have fallen prey, with total losses amounting to at least $375,000.

In this variant, victims would receive unsolicited phone calls or in-app calls (e.g. WhatsApp video call) allegedly from government agencies such as the Singapore Police Force (SPF) or the Ministry of Manpower (MOM). The scammers would claim that there were issues with the victim’s bank accounts and required additional verification. Victims would then be asked to provide their banking or personal information such as banking credentials and One-Time Passwords (OTPs) to resolve these issues. Victims may also be asked to show their identity cards, work permit or their bank cards when speaking to the “SPF” or “MOM” officer over the in-app video call. The victims would only discover that they had been scammed when they realised that there were unauthorised transactions made from their bank accounts.

The Police would also like to advise members of the public to adopt the following precautionary measures:
  • ADD - ScamShield App and set security features (e.g., enable two-factor (2FA) or multifactor authentication for banks and set transaction limits on internet banking transactions, including PayNow/PayLah).
  • CHECK – Before giving your banking credentials over the telephone or WhatsApp, check with authorised sources because the Police will never ask you for your banking credentials and OTP over the telephone or WhatsApp. Never share your banking credentials, including your OTPs with anyone over the phone.
  • TELL – Report the number to WhatsApp for them to initiate in-app blocking. If you disclosed your banking details, report this to your bank immediately. Tell your friends about this scam so they do not fall for it.


Flyer with QR code to redeem free blood pressure device not a scam: AIA Singapore
The flyer had grammatical and punctuation errors, which are known telltale signs a message could be a scam. PHOTO: ST READER

A flyer encouraging households here to scan a QR code to redeem a free blood pressure device is legitimate and not a scam, said insurance firm AIA Singapore on Wednesday.

According to the website linked to the QR code, an AIA financial services consultant will provide a financial sharing session to those who sign up to redeem the device. A photo of the flyer made its rounds on social media and the HardwareZone forum on Tuesday, with many netizens believing it was a scam. Users of the forum urged others not to scan the QR code, fearing it could contain malware. The Straits Times noticed the flyer contained grammatical and punctuation errors, which are often telltale signs of scam messages.

AIA Singapore told ST it had engaged a vendor, We Care For SG, to conduct marketing activities with its authorised insurance representatives. The AIA spokesman said: “Our customers can be assured that this is not a scam and that integrity is at the core of AIA’s business. All representatives of AIA Singapore are also held to the highest professional standards.” He added: “We take a zero-tolerance policy to any form of dishonest acts that compromise the integrity of the industry, our business or the trust of our customers, and such acts will be dealt with promptly and without compromise.”


Scam victims in S’pore lost $660.7m in 2022; more than half of them were young adults
There were 31,728 scam cases reported in 2022, up from 23,933 cases in 2021, an increase of 32.6 per cent. ST PHOTO: CHONG JUN LIANG

Scam victims in Singapore lost a total of $660.7 million in 2022, up from $632 million in 2021. The figures released by the police on Wednesday mean that almost $1.3 billion was lost to scams in the past two years. And contrary to popular belief, it was not mostly the elderly who fell prey to scams. More than 53 per cent of scam victims were between 20 and 39 years old.

There were 31,728 scam cases reported in 2022, up from 23,933 cases in 2021, an increase of 32.6 per cent. Phishing scams were the most common ruse in 2022 with 7,097 cases, a 41.3 per cent spike from the 5,023 cases in 2021. However, the total amount lost by phishing scam victims decreased by 52.6 per cent, from $34.8 million in 2021 to $16.5 million in 2022.

The police said scammers in these cases would impersonate officials or trusted entities to trick victims into revealing their credit card details and bank account information. The other scam types with the most number of reports in 2022 included job scams, e-commerce scams, investment scams and fake friend call scams.

related:


Woman who scanned QR code with malware lost $20k to bubble tea survey scam while she was sleeping
The woman visited a bubble tea shop and saw a sticker encouraging customers to do an online survey to get a free cup of milk tea. PHOTO ILLUSTRATION: PEXELS

She visited a bubble tea shop and saw a sticker pasted on its glass door, encouraging customers to do an online survey to get a free cup of milk tea. Enticed by what seemed like a good deal, the 60-year-old scanned the QR code on the sticker and downloaded a third-party app onto her Android phone to complete the “survey”.

That night, as she was sleeping, her mobile phone suddenly lit up. Thanks to the app she had downloaded, scammers used it to take over her device and moved $20,000 from her bank account. Worryingly, she is not the only victim of such malware scams.

In April, the police and the Cyber Security Agency of Singapore warned the public about downloading apps from dubious sites that can lead to malware being installed onto victims’ mobile phones. They said such malware has resulted in confidential and sensitive data, including banking credentials, being stolen.


“Most expensive Musang King”, Singaporean woman loses S$53,780 in scam
Two unauthorized transfers had been made from my account. The first transfer was for S$27,549, and the second transfer was for S$26,231.”

A Singaporean woman could never have expected that her craving for Musang King durian would lead her unknowingly to fall into a scammer’s trap, causing her to lose nearly all of her life savings. According to the Chinese media outlet Shin Min Daily News, the 50-year-old housewife. surnamed Koh, was unknowingly lured into downloading a third-party application by the scammer, resulting in S$50,000 being transferred out of her bank account. She was left with only S$7 in her saving.

Ms Koh recalled her terrible experience, stating that she had seen several durian sale advertisements on Facebook over the past few weeks. Due to her craving for durians and her intention to share them with her family, she contacted one of the dealers, “TMZ Fresh,” last Thursday (4 May) to inquire about the price.

“A few hours later, the dealer replied to me and stated that the company was currently promoting a sale, with Musang King durians priced at S$6 per kilogram and D24 durians priced at S$4 per kilogram.” When Ms. Koh inquired further about how to place an order and delivery details, the dealer asked for her mobile number, claiming that a “customer service agent” would follow up with her. “Later on, a man with a Malaysian accent contacted me, and asked me to download an application called ‘E2 Mall’ and input my personal information to sign up for membership.”


Singaporean man lost S$6000 to 2-dollar ‘bak zhang’ scam

Singaporeans need to exercise caution when proceeding with online transactions, as multiple victims have recently fallen prey to online scammers with malicious intentions who attempt to gain access to their bank accounts.

These recent cases share a common pattern: scammers advertise enticingly cheap deals on social media, which sound too good to be true, in order to lure unsuspecting victims. They then persuade the victims to download a suspicious app for the transaction, ultimately resulting in financial losses.

Last month, an unsuspecting Singaporean woman purchased Musang King durians online, never expecting that it would lead her to unknowingly download a third-party application as part of a scam. Consequently, S$50,000 was transferred out of her bank account. On Monday (12 June), another Singaporean woman became the victim of a phishing scam, as reported by a local Chinese media outlet Shin Min Daily News. She lost S$20,000 to a scammer.


SMS message about ElderShield termination is legitimate: CPF Board
The SMS message had caused some concern among those who received it. PHOTOS: ST READER, ST FILE

An SMS message sent to Central Provident Fund (CPF) members on Friday (April 22) informing them that their ElderShield insurance policies have been terminated is legitimate, said the CPF Board.

The message is meant to notify CPF members that they are enrolled in CareShield Life, and that their ElderShield policies are being terminated, said the board in response to queries.

The SMS message, which contained a clickable link to the CareShield Life website, had caused some concern among those who received it. Netizens made comments online and wondered if it was a scam.


Phishing scam involving fake QR code found on posters put up at Bukit Batok HDB blocks
The fake QR code takes users to a website with a feedback form. PHOTOS: MUNICIPAL SERVICES OFFICE

A phishing scam using a fake QR code that resembles the Municipal Services Office’s (MSO) QR code has been discovered by Bukit Batok Residents’ Committees.

The legitimate OneService Lite QR code, when scanned, links to the OneService website, where people can submit feedback or complaints on municipal issues via one portal, instead of contacting various government agencies or town councils. The fake QR code was found on posters put up in the lift lobbies of some Housing Board blocks at West Terra and West Edge in Bukit Batok.

When scanned, the fake code takes people to a website with a feedback form, where they are asked to fill in personal information such as their name, e-mail address, contact number and residential address. The fake codes were discovered by West Edge Residents’ Committees on Thursday and immediately taken down. MSO said that it has since alerted all town councils, which are checking the OneService Lite QR codes put up in their towns.

Letter from CPF is legitimate and not a scam: CPF Board
The clarification comes after claims that such letters from CPF are scams. PHOTO: ST FILE

Letters asking its members to update their bank accounts are legitimate and not a scam, said the Central Provident Fund (CPF) Board on Friday (March 11). The clarification comes after claims that such letters from CPF are scams.

A scam alert, which was forwarded multiple times on WhatsApp and spread on Facebook, said the letter was a "fake CPF letter" and urged netizens to warn their friends and relatives about it. In response to queries from The Straits Times, a spokesman for CPF said: "The letter from CPF Board is legitimate and it is to inform the member to provide his bank account details so that he can receive his CPF payouts."

The spokesman added that if members receive a letter from CPF but are unsure if it is real, they should check with the Board directly. CPF also said in a Facebook post that whenever a new bank account is given, CPF will verify it directly with the bank to ensure that it belongs to the member. This ensures that any CPF payouts will always go to the member.

CPF Board 11 March 2022

[Clarification from CPF Board]

This scam alert is FALSE.

When in doubt, always check with CPF Board directly. Please share.

Some users confused as SMSes from legitimate firms get flagged as ‘likely scam’
A handful of Internet users received SMSes marked as “likely scam” after a new system by IMDA dubbed the SMS Sender ID Registry kicked in on Tuesday. PHOTO: ST READER

Financial adviser Tan Zhi Liang thought he had been scammed after buying flight tickets to South Korea from Trip.com, when he saw a booking verification SMS flagged as “likely scam”.

Mr Tan, 29, said: “I thought I had made a purchase from a scam site. I found it weird at first, but I double-checked my booking and it was there, so I didn’t worry too much then.”

He is among a handful of Internet users who received SMSes marked as “likely scam” after a new system by the Infocomm Media Development Authority (IMDA), dubbed the SMS Sender ID Registry, kicked in on Tuesday to alert users to possible scam messages. But some of these SMSes marked as “likely scam” have come from legitimate businesses for genuine communications, leading to confusion among some Internet users.


SMSes from organisations not registered with IMDA to be labelled ‘likely scam’ from Jan 31
All organisations that send SMSes using alphanumeric sender IDs are required to register with the Singapore SMS Sender ID Registry. PHOTO: IMDA

Recipients of SMSes from organisations that have not signed up with a registry by the Infocomm Media Development Authority (IMDA) will see the text messages labelled as “likely scam” from Jan 31.

In a move to tackle the scam scourge here, IMDA has announced that all organisations that send SMSes using alphanumeric sender IDs are required to register with the Singapore SMS Sender ID Registry (SSIR). “This registration is to better protect consumers against non-registered SMSes that may be scams,” said IMDA on Wednesday. It added that consumers who receive SMSes labelled as “likely scam” should exercise caution as the system functions similarly to a spam bin. If they are unsure, consumers are encouraged to check with family and friends.

IMDA said that all organisations that use alphanumeric sender IDs, which typically contain brand names and may carry a mix of both letters and numbers, should register early with the registry. Those that have yet to register are advised to do so, the authority added.

IMDA explains why SMSes from some firms are still being flagged as ‘likely scam’
Some users have reported receiving SMSes from legitimate businesses that were flagged as "likely scam" since Jan 31, 2023. PHOTO ILLUSTRATION: ST FILE

Consumers are still receiving SMSes from legitimate organisations flagged as “likely scam” on the fourth day of the launch of a scheme to alert users to possible scam messages. But the Infocomm Media Development Authority (IMDA) said it could be due to firms not registering all the alphanumeric names in use or applying to be listed only very recently.

The messages flagged on Friday came from Singlife, IHH Healthcare and Tada – all of which said they have applied to have their alphanumeric SMS sender names listed on the Singapore SMS Sender ID Registry run by IMDA. Replying to The Straits Times’ queries on why this is still happening, an IMDA spokesman said: “This could be due to unregistered IDs or new applications for sender IDs by companies very close to or after Jan 31. These IDs are now in the process of being verified.”

The registry, which is said to be able to detect and block spoofed SMSes upfront, labels SMSes that use alphanumeric sender names as “likely scam” if the senders have not listed on it. From July, SMSes from businesses not listed on the registry will be entirely blocked. Explaining that even some registry-listed firms were flagged under the “likely scam” label, the spokesman said registered companies have used IDs that are unregistered by mistake. “IMDA is working with the companies to ensure their IDs are registered.”


4 common types of scams and how to recognise them
In the recent scams involving OCBC Bank, fraudsters sent SMS messages claiming to be from the bank to trick its customers. ST PHOTO: JASON QUAH

Scams are on the rise. Nearly 470 OCBC Bank customers lost at least $8.5 million to a spate of SMS phishing scams last month, and other banks such as DBS and UOB recently warned of similar scams impersonating bank employees.

Here are some of the most common types of scams going around:
  • SMS phishing scams - In the recent scams involving OCBC Bank, fraudsters sent SMS messages claiming to be from the bank to trick its customers.
  • Impersonation scams - Another type of phishing scam involves crooks posing as authority figures such as the police, job recruiters or government officials.
  • E-commerce and delivery scams - Scams involving fake item listings often take place on e-commerce marketplaces, auction sites or trading features on social media platforms.
  • Love scams - Posing as attractive potential partners, scammers usually target vulnerable victims on dating and social media platforms, often using stolen photos on their profiles.

DEEPFAKE VIDEO OF PM LEE PROMOTING SOME INVESTMENT SCAMS

Imagine this: you’re leisurely scrolling through your usual YouTube shorts, and suddenly, an unexpected advertisement pops up.

Prime Minister (PM) Lee Hsien Loong appears to be promoting a crypto-trading video on the Beijing-based news outlet China Global Television Network (CGTN). Yes, PM Lee seems to be discussing the benefits of a hands-free crypto trading platform, which boasts the ability to compute algorithms, analyse market trends, make strategic investment decisions, and execute trades—all autonomously, without any manual input from the user.

On 29 Dec, PM Lee shared a recent deepfake video that has been circulating online. Elaborating on the type of scam involved, PM Lee explained that scammers employ AI (artificial intelligence) technology to mimic our voices and images. They transform real footage of us, taken from official events, into very convincing but entirely bogus videos of us purportedly saying things we have never said. PM Lee urged people not to respond to such scam videos, which promise guaranteed returns on investments.


DEEPFAKE VIDEO OF DPM LAWRENCE WONG SELLING SOME INVESTMENT SCAM

With the rise of artificial intelligence (AI), it’s sometimes difficult to tell what is real anymore. A deepfake video of Deputy Prime Minister Lawrence Wong promoting an investment scam has been circulating on Facebook and Instagram. The worst part is that it looks real.

Deepfakes are media that have been altered by AI to look or sound like someone. In the video, DPM Wong’s mouth is altered to synchronise with a fake voiceover that sounds like him. Yes, the voiceover mimics the pitch and intonation of DPM Wong’s actual voice. Don’t believe me? You can watch the deepfake video here

Notably, the video was made from modified footage of DPM Wong giving an interview recorded by The Straits Times. The deepfake video promotes an investment scam, even using terms reminiscent of a DPM speech, like “my dear Singaporeans”.


Artificial Intelligence Impersonation

Fake advertisements that name Prime Minister Lee Hsien Loong and use his image to promote crypto scams, among others, have been seen on the Internet recently, Mr Lee said on Facebook on Saturday night.

He said such advertisements, which tend to surface after a major speech or announcement with lots of media coverage, have re-emerged in the past few days.

“If the ad uses my image to sell you a product, or asks you to invest in some scheme, or even uses my voice to tell you to send money, it’s not me,” he added.