How Malware takes remote control of your HP after you download 3rd party apps
Update 27 Jan 2024: Son shares that his parents invested “millions with an FA, and now they can’t get it back.”
A concerned son recently took to social media to share that his parents invested millions with a financial agent a few years back, and now they “can’t get it back.” Desperate to resolve this alarming problem, he sought advice from his fellow Singaporeans on Reddit.
“Is there anything at all I can do to get this money back so my parents can finally retire in their late 60s? Any advice is appreciated, as I can’t bear to see him [financial agent] continually lying to my parents. Thank you.” u/YogurtclosetBig5019 wrote on subreddit r/SingaporeRaw on Thursday (Jan 25). He stated that this agent gained the trust of his parents despite the fact that there is no ‘black and white’ for his investments. Extremely skeptical of the agent’s ways, he and his siblings even told their parents that the man was not trustworthy, and even if they do decide to go through it, it should at least be done through legal and proper means. However, the parents didn’t heed their children’s advice.
Their suspicion only grew bigger when, a few weeks ago, their parents tried to withdraw their investments but couldn’t.
“As their business is struggling, they need the cash, but this FA said that it’s not a good time to pull out their investments as they’re in the red. I know it’s stupid to allow someone, without any legal backing, to ‘help you invest’,” the son shared. At this point, they now suspected that the agent had been investing in penny stocks and had lost a huge chunk of his parents’ money. “I’m urging my parents to pull out, but this FA keeps delaying. I won’t be surprised if it’s not even in SG (as he has a Vietnam wife – very sus I know),” he added.
WOMAN SCAMMED OF $5,500 BY FAKE ROMEO TAN WHO PROMISED TO “MARRY” HER
We may all scoff and “tut-tut” over the many scam awareness campaigns around our island, fully believing that we are too socially aware in this day and age to be victims.
However, this latest incident will prove why these awareness campaigns are still very much needed. A 39-year-old auditor, Ms Yan, shared to Lianhe Zaobao the harrowing experience of her 46-year-old sister, who fell victim to an elaborate scam involving a fake local actor claiming to be Romeo Tan. Romeo Tan is a 39-year-old Singaporean actor who is a household name amongst avid consumers of local television.
The ordeal began in December 2023, with the imposter wooing the victim on various platforms, ultimately leading her to transfer S$5,500 to them.
Elderly woman avoids losing S$260,000 to scammers after StanChart employee intervenes
An elderly woman narrowly avoided losing more than S$260,000 (US$194,200) to scammers, thanks to a quick-thinking Standard Chartered Bank employee.
In a press release on Friday (Dec 8), the Singapore Police Force (SPF) said that the 79-year-old woman received an unsolicited call from a scammer impersonating a bank officer in September this year.
The scammer alleged that her account had been frozen for investigation, before transferring the woman over to a second person who impersonated a police official. The woman was then instructed to report her whereabouts four times a day and not to divulge details about the investigation.
Mother of 2 loses $320k life savings in scam: 'Everything fell apart'
She didn't just lose her money in this encounter - she lost her faith in humanity as well. Adeline (not her real name) shared with AsiaOne on Nov 10 that she had fallen for an investment scam in October, one which caused her to lose more than $320,000 in just a month.
She was first approached by an individual through Instagram, who presented himself as a high-flying businessman. The scammer chatted with Adeline about their hobbies and work life, before asking her to switch to WhatsApp to continue their conversation. After two weeks of interaction, the two became 'friends' and the 'businessman' allegedly offered Adeline an opportunity - to invest in trading gold commodities through a "seed" investment platform, purportedly based under a larger, reputable investment company. Seed investment refers to financing startups in order to aid their development.
He then showed her detailed information to convince her, and although Adeline wasn't keen on taking the plunge, she eventually acquiesced. Her first foray into this 'investment' platform was funded by this scammer who gave her US$2,000 (S$2,721) to experiment with. After turning a quick profit through the platform, the scammer then invited Adeline to invest a larger sum of US$10,000. However, the amount was too daunting for Adeline, who admitted to AsiaOne that she had no interest in the subject and didn't know much about investments.
Gone in 6 months: Woman, 34, loses about $100k after falling for love scam
She expressed her love in kindness by paying off his 'debts' - but did he have any to begin with? A woman became the victim of a love scam and lost about $97,000 to a man who has since been arrested, according to a press release by the police on Friday (Nov 10).
The 34-year-old woman had met a man, 30, through an online dating application last year, reported Shin Min. Utilising a fake identity, the man had cosied up to the victim, convincing her to transfer money to him in multiple occasions between August 2022 and February 2023, resulting in a total sum of over $97,000 transferred. The woman had been told that the money would go towards repaying his debts and covering daily expenses, the police shared. It was only in May this year that the police received a report of this online scam.
After an investigation, the police's Commercial Affairs Department which deals with white-collar crime in Singapore managed to identify the man, arresting him earlier this Wednesday on suspicion of cheating, Shin Min Daily News reported. He will be charged in court on Friday. According to section 420 of the penal code, those found guilty of cheating can be jailed for up to 10 years and are also liable to a fine.
Only 24 cents left: Woman loses $80k life savings after encountering 'wicked' scammer while selling her old clothes
In wanting to recycle her old clothes by selling them online, a woman who recently quit her job to pursue her master's degree lost her life savings of over $80,000 to scammers. Chen Hongcai (transliteration), 38, said she had chanced upon a Facebook advertisement by a recycling company wanting to buy old clothes for restoration purposes on Nov 6, reported 8world. After contacting the company, an 'administrator' later called to inform her about the collection details and sent Chen a link to choose a time slot for collection.
Describing the website as "realistic" with no visible issues, Chen said she only noticed something was strange afterwards, when she realised that the company sells all sorts of miscellaneous items, according to 8world. Explaining that she was not after the money the company had offered, Chen said she thought that the proper way to dispose of her pre-loved clothing was by recycling them. "Thinking back to it now, I realised that it's strange. At that time, I didn't notice that this company has no address and only saw that they could come to my house to pick up the old clothes," she said. The woman claimed she had only selected her desired time slot for collection on the website and that she did not share any personal information with them.
The next day (Nov 7), however, she received a call from POSB at about 9am, informing her that a DBS bank account had been opened under her name the day before. And her savings of over $80,000 were then reportedly transferred out of this new DBS account. "The collection was supposed to be on Tuesday, I spent time organising them and was so happy to be able to recycle my old items. Speaking about this makes me want to cry, the $80,000 is my life savings, and is also the money I use to pay my school fees. "It's so wicked, what should I do about my school fees and living expenses?" Chen bemoaned.
related: Gone in 15 minutes: Woman loses over $72k after downloading app to sell pre-loved kitchen appliances
Cyberattack caused 7-hour internet outage that hit public hospitals, polyclinics
Synapxe said that the Distributed Denial-of-Service (DDoS) attacks are continuing, and there may be occasional disruptions in internet services as a result
The seven-hour disruption to the websites of several public healthcare institutions on Wednesday (Nov 1) was due to a cyberattack, where attackers flooded servers with internet traffic, national health technology provider Synapxe said.
The outage was caused by a Distributed Denial-of-Service (DDoS) attack, Synapxe said in a statement on Friday, adding that it has found "no evidence to indicate that public healthcare data and internal networks have been compromised". A DDoS attack is when IT equipment such as a computer, router or server is flooded with a sudden and enormous volume of traffic from multiple sources. This prevents legitimate users from accessing online services.
Users had reported errors when trying to access the websites of some public healthcare institutions - such as Singapore General Hospital, National University Hospital and Tan Tock Seng Hospital - from about 9.20am on Wednesday. Other internet services such as emails and productivity tools for staff members were also inaccessible.
Negligent banks, telcos may be held responsible for scam victims’ losses as part of proposed measures
Financial institutions and telecommunication companies (telcos) in Singapore may have to compensate their customers who have fallen prey to scams if they are found to have breached their responsibilities.
These responsibilities prescribed under a proposed framework include failure by banks to send outgoing transaction alerts to consumers and telcos failing to implement a scam filter for SMSes. As a start, the framework will focus on phishing scams which account “for a sizeable proportion of unauthorised transactions” here.
These are among the proposals put forth by the Monetary Authority of Singapore (MAS) and the Infocomm Media Development Authority (IMDA) on Wednesday (Oct 25) in a long-awaited consultation paper on how losses arising from scams will be shared between companies and consumers. The shared responsibility framework was first announced in February 2022 after close to 800 OCBC customers lost a combined S$13.7 million to scammers.
$1.4 trillion lost to scams globally; S’pore victims lost the most on average
The most prevalent scams worldwide are those involving online shopping, identity theft and investments
LISBON Scammers stole an estimated US$1.02 trillion (S$1.4 trillion) globally between August 2022 and August 2023, with victims in Singapore losing the most money on average.
This was way higher than the US$55.3 billion lost for the whole of 2021 and the US$47.8 billion lost in 2020, according to a joint study by non-profit organisation Global Anti-Scam Alliance (Gasa) and data service provider ScamAdviser. The latest figure was revealed by Gasa managing director Jorij Abraham during his opening speech on Wednesday at the Global Anti-Scam Summit in Lisbon, Portugal. The annual conference, which is in its fourth year, runs over two days.
The global sum lost to scams was estimated by surveying 49,459 individuals from 43 countries, including Singapore. Participants were asked about the types of scams they encountered and the amount of money they lost to fraudsters, among other questions. The data was then extrapolated based on the country’s population. Explaining the spike in losses over the last reporting year, Mr Abraham said global losses were previously calculated based on figures received from law enforcement agencies, which have their limitations.
Scammers amass $1.02 trillion globally, Singapore lost the most
The figure has surpassed the previous losses of $55.3 billion in 2021 and $47.8 billion in 2020, the report added
Scammers made off with an estimate amount of $1.02 trillion between August 2022 and August 2023 globally with victims in Singapore faced the highest average losses, according to a study by the Global Anti-Scam Alliance (GASA) and ScamAdviser, reported The Straits Times. The figure has surpassed the previous losses of $55.3 billion in 2021 and $47.8 billion in 2020, the report added.
The study emphasised that the average scam victim in Singapore lost $4,031, the highest globally, followed by Switzerland at $3,767 and Austria at $3,484, pointing to the appeal of these affluent nations as targets for scammers. Meanwhile, the data released by the Singapore Police Force (SPF) in February 2023 showed that victims in lost a total of $660.7 million in 2022, up from $632 million in 2021.
Over $1m lost in 15 days: S’porean retiree loses life savings in scam by fake Facebook friend
The scammer sent victim Madam Tan transfer statements from the British bank Barclays which helped ease her fears, but it was all a ruse. PHOTO: ST FILE
Accepting a Facebook friend request from a stranger who asked for help has turned into a nightmare for a 65-year-old Singaporean retiree, who then lost her life savings of $1,078,053.62 in only 15 days.
Madam Tan (not her real name) met a man, “Alvin”, on the social media platform in August, and he claimed to be the Singaporean chief executive of an interior design firm in Britain. He said he was about to complete his final project – a hotel in London – before retirement.
Alvin then asked her to facilitate payments for him – he told her that he could not procure materials from companies in China and had been referred to a particular one in Sabah. But as he could not speak Mandarin, he needed her to act as an intermediary.
Man arrested for cheating victims of over $198,000 in renovation scams
A 55-year-old man has been arrested for allegedly running renovation scams, with victims losing more than $198,000 in total.
The victims had engaged his renovation services after he approached their homes to promote his business. However, once they had paid him, they were unable to contact him.
The police said on Wednesday they had received several reports from individuals who said they had been cheated by the man. Preliminary investigations suggest he may be involved in over 20 cases across Singapore.
related:
Gone in 15 minutes-Woman lost $72.5k downloading 3rd-party app sell used kitchen items
Woman loses $72.5k after downloading third-party app to sell used kitchen items
Gone in 15 minutes
A 68-year-old woman lost more than $72,500 from her POSB bank account in 15 minutes after she downloaded a third-party app in a bid to sell her pre-loved kitchen appliances online.
What she downloaded turned out to be malware that enabled scammers to control her Android phone and drain money from her POSB savings account. The victim, who wanted to be known only as Madam Abdul, a customer service officer, saw a Facebook advertisement on Sept 23 by a purported recycling company called E-Recycle that wanted to buy pre-loved furniture and electronics. She was enticed by the deal, which offered between $30 and $100 for each pre-loved item, with free pick-up.
Hoping to sell several pre-loved kitchen appliances, including a steamboat set and grill, she contacted the so-called buyer through Facebook Messenger. Unacquainted with e-commerce platform Carousell and reluctant to sell the electronics to the karung guni (rag-and-bone collectors) at a low price, she felt the Facebook advertiser offered convenience and more attractive rates.
68-Year-Old Woman Loses Over S$72,500 to Malware-Laden App
In the digital age, cybercrimes are becoming a frequent occurrence worldwide. Singapore, one of the technologically advanced nations, is no exception to this trend. Recently, several individuals have fallen prey to scams involving malware-infected apps downloaded from third-party sites. These scams, often initiated through social media advertisements, have led to substantial financial losses for the victims.
Primarily, the scams unfold with victims responding to advertisements on platforms like Facebook. They are subsequently directed to download an app to facilitate their transactions. Unbeknown to them, these apps are infected with malware, enabling scammers to gain control over their devices and, consequently, their bank accounts. The victims are then subjected to unauthorized transactions, leading to considerable amounts being drained from their savings.
In one alarming instance, a 68-year-old woman lost over S$72,500 from her bank account after downloading a third-party app. She believed the app was required to list her items for sale. The woman was enticed by a Facebook advertisement from a recycling company that expressed interest in buying pre-loved furniture and electronics. After contacting the supposed buyer via Facebook Messenger, she downloaded the app, unaware of the imminent threat. Once the app was installed, the scammers managed to raise her transaction limit and transferred a total of S$72,500 out of her account. Upon realization of the financial loss, the victim and her son lodged a police report. The incident is currently under investigation.
Single mum who lost $89k to a job scam thought she could earn $18k in a week
After realising she had fallen for a job scam, Ms Lee made a police report in September about her experience. ST PHOTO: DESMOND FOO
Hoping to be financially independent, a single mother of two took up what seemed like a legitimate marketing job through a Facebook advertisement.
Instead, the 31-year-old lost about $89,000 – about 10 years’ worth of savings – in a week to scammers.
Breaking down while recounting her story to The Sunday Times, Ms Lee (not her real name) said: “I don’t know why I didn’t think more before I took the job. Now, my hard-earned money that I saved over the years is mostly gone.”
related:
Woman loses $30k to job scam, family now facing 'multitude of financial challenges'
A woman wanted to get a part-time job to earn some extra income, but she ended up paying a hefty price instead.
JT, 42, had received a WhatsApp message on Sept 17 from a person who claimed to be Ashley Tan from local recruitment agency The Supreme HR Advisory, her daughter Elaine Goh told AsiaOne on Monday (Oct 2).
Tan told JT she found her phone number on JobStreet and informed her that a company called Q00 Media was hiring marketing staff.
related:
S'porean single mother, 49, unknowingly downloads Chrome-resembling malware, loses S$28,000
A Singaporean single mother lost S$28,000 after a hacker cleaned out S$8,000 from her bank account and took another S$20,000 from a credit line which they applied under her name without her knowledge.
The 49-year-old woman said she had downloaded malware unknowingly, which allowed the hacker full control of her phone remotely, reported Shin Min Daily News. The single mother, surnamed Chen (transliteration from Mandarin), told Shin Min reporters that she received a notification on her phone at around 6pm on Jul. 18, 2023, informing her that a transfer of S$6,000 had been made.
However, when the notification disappeared after she clicked on it, Chen suspected something might be wrong. She checked her bank account online and found only S$4 left. Shocked, she immediately contacted her bank to freeze her account, alerted the police, and handed her phone to the police for investigation.
At least S$1.2 million lost to Android malware scams involving travel package ads
About S$1.2 million (US$875,000) was lost to Android malware scams involving advertisements for travel packages on social media platforms in September, with at least 43 victims falling prey to such scams.
In this scam variant, victims would come across advertisements on Facebook or Instagram promoting cruises, tour packages, concert tours and durian tours, the Singapore Police Force (SPF) said in a news release on Thursday (Oct 5). Victims would respond to the ads, and the "sellers" would engage them on WhatsApp before directing them to download an Android package kit (APK) file to pay their booking fees. The APK file would be downloaded over the messaging app or via a malicious link provided by the scammers. APK files are used to install apps created for the Android operating system.
Victims would download and install the APK file which would enable the scammers to access their devices remotely to steal their banking credentials and passwords. Victims could also be instructed to input their internet banking login details into a fake banking window in the app or be asked to make PayNow or bank transfers for the booking fees. The victims would later discover unauthorised transactions from their banking accounts.
At least 11 people lost $403k in a month to fake Sheng Siong, FairPrice app scams
There is a variant of malware scams that involves fake Sheng Siong and FairPrice Group mobile applications, the police warned on Friday. At least 11 people have lost a total of $403,000 or more since September, the police added.
In such cases, the victims click on online advertisements – many of which are posted on Facebook – promoting food items such as rice, cookies and ducks. They will then be directed to the WhatsApp messaging platform, where the “sellers” tell them to download an Android Package Kit (APK) over WhatsApp, so they can place their orders. The victims may also be told to download the APK via third-party websites, instead of an official app store such as Google Play Store. The downloaded app will resemble the FairPrice Group or Sheng Siong app.
After the APK file is downloaded and installed, the scammers will gain remote access to the victims’ devices, letting them steal passwords and retrieve banking credentials. Next, the victims will be instructed to make a PayNow or bank transfer to pay for their orders, sign up as members or pay for deliveries. They will discover unauthorised transactions from their bank accounts.
74-Year-Old S’pore Man Downloads 3rd-Party App To Buy Peking Duck, Loses Over S$70K
Recently, reports have emerged of Singaporeans falling victim to scams after encountering advertisements for products on social media. 74-year-old Mr Loh is one such individual, having lost over S$70,000 when he downloaded a third-party app to buy Peking duck. He has since filed a police report.
Speaking to Shin Min Daily News, Mr Loh shared that he came across an advertisement for Peking duck on Facebook named “Xiao Xiao Ya Zi” on 26 Aug. A 1.5kg Peking duck cost just S$23.80 with an additional S$5 for shipping. Mr Loh thus found the offer too good to resist, especially for dinner with his family.
“I thought my grandson would like to eat it,” he said. “So I contacted the seller through WhatsApp.” The seller then told him to download a third-party app called Grab & Go. To complete his order, he had to pay S$5 via PayNow.
related: S’pore Woman Loses S$110K After Downloading App To Buy Durian Tour Tickets, Lodges Police Report
74-year-old man loses $70k after downloading third-party app to buy roast duck
For six hours, a 74-year-old man chatted online with a friendly roast duck seller he met on Facebook, only to find his life savings almost wiped out after. Mr Loh lost about $70,000 to scammers who siphoned money from his DBS and POSB credit card and bank accounts after infecting his Android phone with malware. He had chanced upon a Facebook advertisement for a peking duck from a supplier called “Xiao Xiao Ya Zi” on Aug 26.
He was enticed by the deal that offered $23.80 for a 1.5kg peking duck with $5 shipping and contacted the seller on Facebook. The seller texted Mr Loh on WhatsApp and instructed him through voice messages to download a third-party app called Grab&Go on his phone. The app prompted him to make a $5 payment through PayNow as a “deposit” before his order could be placed. Mr Loh, who used to work as an importer, was initially suspicious of the ad but let his guard down when the seller convinced him that the promotion was not a scam. “I asked him: ‘Is this a scam?’ He said that no one would be cheated of $5 and that this was a small thing. He told me that I had a lot of wisdom and experience. I agreed to proceed since this was a matter of only $5,” he told The Straits Times.
Within minutes, while he was still chatting with the seller, he noticed that his phone screen had gone blank. When his phone restarted multiple times within 30 minutes, Mr Loh tried to close the third-party app and turn off his phone but failed. Panicking, Mr Loh reached out to the scammer, who then reassured him that the phone reset was normal.
related:
Woman loses over $111,000 after downloading third-party app to buy durian tour ticket
Ms Lie had chanced upon an offer for a durian day tour, and was instructed to download a third-party app to browse the tour offers. PHOTO: MS LIE
A part-time bakery worker lost over US$81,000 (S$111,000) to scammers who siphoned money from her two DBS bank accounts after infecting her Android phone with malware.
Ms Lie, 52, had on Sept 10 chanced upon a Facebook advertisement for a $28 durian day-tour ticket to Kulai, Malaysia, from a tour agency called “GD Travel & Tour”.
She was attracted by the offer as she had enjoyed a durian tour in 2022 and contacted the seller on Facebook. The seller texted Ms Lie on WhatsApp and instructed her through voice messages to download a third-party app called EG Store on her phone to browse the tour offers.
related:
Woman finds $10 deal for fish fillets on Facebook, ends up losing over $44k to scammers
Ms Jacqueline Khoo, 58, lost $44,487 from two credit card accounts and three bank savings accounts from POSB in a few hours after she clicked on a link to download a third-party app, following which scammers then increased her credit limits and siphoned out her money. Ms Khoo had chanced upon a Facebook advertisement for grouper fillets from a seafood supplier called “Fresh Market TGS” on Aug 25.
She was attracted by a deal that offered $10 grouper fillet with free shipping and contacted the seller on Facebook. “Although I never bought anything from Facebook before, I had previously bought fish and pork from Shopee and Qoo10. I was not suspicious of the ad and it never occurred to me that this was a scam,” she told The Straits Times.
$45k, gone: Uncle downloads computer clean-up tool, gets half his savings wiped out
He had wanted to "clean up" his computer's hard drive, but what it cleaned out instead, was his bank account. The total losses suffered? Some $45,000 — about half of his savings.
The 71-year-old retiree, surnamed Chen, told Shin Min Daily News that the incident occurred in January this year. Chen shared that he'd received a call from a bank on the morning of January 31, informing him of the dozens of suspicious transactions which took place in the wee hours of the night. A total of 47 transactions had been made from 2am, before the bank froze the account. Checking through his statement, Chen saw that the amount transferred out of the account each time was no more than $1,000.
He suspected that this was because transactions above $1,000 would have triggered a notification from the bank, and noted that the outcome might have been worse if the bank had not stepped in. The cybercriminals had taken a total of about $37,000, Chen revealed. The account had contained more than $90,000 initially. Chen made a police report the next day, and suspended his credit card as well as all digital banking services.
related:
S'pore finance consultant, 50, loses S$60,000 after downloading app to buy cheap beer seen on Facebook ad
When a 50-year-old man in Singapore expressed interest in buying cheap alcohol promoted via a Facebook ad, scammers convinced him to download a malicious app which gave them control over his phone.
Despite not making a transaction on the app, he was tricked into revealing his bank details when scammers arranged for a S$10 "rebate" to be sent to his bank account.
He found out the next morning that one of his bank accounts had been raided, with S$60,000 transferred out to two unknown accounts.
related:
Woman loses nearly $30k after downloading third-party app via WhatsApp
A 34-year-old woman lost close to $30,000 after scammers took control of her phone when she downloaded a third-party app.
Enticed by what seemed like a good deal, she clicked on the link, which directed her to a WhatsApp business account. Over the next few days, she tried but failed to check out groceries worth about $30 she ordered via the app. But on May 25, when the account holder said she could make payments, Ms Tan realised that another person was controlling her phone when a notification popped up asking her approval for a transaction of more than $4,000.
She then noticed that six transactions had been made through her DBS Bank account over 22 minutes. Every transaction was worth close to $5,000, and they totalled $29,877.90. Mr Kevin Reed, chief information security officer of cyber-security company Acronis, said such a scam is a result of malvertising, or malicious advertising, where online platforms allow their users to create advertisements targeting a specific audience and include links to anything from a Web page to a direct software download.
Joo Chiat restaurant discovers $4,600 loss caused by diner who used fake PayNow screenshots
A seafood restaurant in Joo Chiat recently discovered that they lost around $4,600 to a diner who allegedly claimed to have made payment but didn’t actually transfer the money over.
The owner of Home of Seafood, Bob, told Shin Min Daily News on Monday (Sept 11) that the diner had done so on numerous occasions, each time racking up bills from $50 to $200.
The restaurant allows customers to pay via PayNow. They simply have to send a screenshot of the completed transaction via WhatsApp.
Woman loses $76,000 after downloading third-party app to buy mooncakes
An order of mooncakes cost one woman $76,000, after scammers took control of her phone through a third-party app and siphoned the money from her bank account.
Ms Lee, an administrative executive, had chanced upon a Facebook advertisement for bunny-shaped mooncakes filled with Mao Shan Wang durian from a bakery called “Sunshine Cake House” on Sept 14.
Enticed by the deal of $29.90 for a box of eight, she messaged the seller on Facebook, who passed her number to a “delivery man”.
related:
At least 27 victims have lost $325,000 to mooncake scams in August 2023
It's mooncake season -- but beware of getting your money eaten by scammers. The police said in an advisory on Tuesday (Sept 5) that they have observed a new variant of scams involving the sale of mooncakes on social media platforms such as Facebook and Instagram.
At least 27 victims have fallen prey, with total losses amounting to at least $325,000, in just August alone. In these cases, victims would come across advertisements on Facebook and Instagram for the sale of mooncakes where buyers would contact the 'sellers' via the social messaging platforms to place orders.
The scammers would then engage victims on WhatsApp and direct them to malicious links to purchase the items and/or make payment. These malicious links will lead victims to download an Android Package Kit (APK) file, an application created for Android's operating system, that contains malware. In some cases, victims were first instructed to make PayNow or bank transfers for the purchase of mooncakes.
Woman left with $0.06 after clicking on link and losing $37k, blames bank for not freezing account
She saw an ad for thunder tea rice on social media and couldn’t resist the offer. In the end, it proved too good to be true, and she ended up a victim of scam, losing over $37,000.
Speaking to Shin Min Daily News, Zhong Luo, 48, said a website was selling the Hakka dish for $7.90 each, with a buy-two-get-one-free deal. “There are few sellers of the dish in Singapore, so I decided to buy three servings for my family," Luo said. She contacted the seller via a messaging app and was given a link to a form for customers to fill in their delivery address.
When she clicked on the link, however, an app called “Grab and Go” was downloaded on her mobile phone instead. The next afternoon, Luo noticed that her phone was unresponsive – no matter how she swiped, she would always be directed back to the home screen. At 4pm, she received a call from her bank notifying her of an outgoing $6,000 transfer. "I told the bank to freeze my account right away as I hadn't transferred the money," Luo said.
Woman swears to 'never shop online again' after losing almost $40,000 in tingkat scam
A woman lost almost $40,000 after unwittingly downloading malware onto her phone and allowing scammers access to her bank account.
Ms Zheng said she came across a Facebook advertisement for a tingkat delivery service by a company called Fat Boon on July 4. The 48-year-old supervisor told Shin Min Daily News: "I wanted to order dinner for me and my sister.
This store let us order a week's worth of meals, consisting of three dishes and one soup for $78. "I thought it was not bad and contacted them. They told me to download an app in order to place an order."
Single mum loses $28,000, left with $4 in bank after clicking FB ad
A single mother lost $28,000 -- money that she did not even have -- after hackers gained remote access to her phone. According to Shin Min Daily News, hackers not only transferred a balance of $8,000 out of her bank account, but also applied for a cash advance of $20,000.
Ms Chen, a 49-year-old who works in the education sector, said she received a notification on her phone on July 18, informing her about a $6,000 transfer. However, the notification disappeared when she clicked on it.
Sensing that something was amiss, Ms Chen logged into iBanking and discovered that there was only $4 left in her bank account. She immediately contacted the bank to freeze her account. She also contacted the police and handed her phone to them. It was found that scammers had used malware to hack into her phone and transfer the money.
Another woman falls for 'healthy meal' scam, in tears after bank balance goes from $20k to $0
Ms Lim, 54, lost almost $20,500 from a credit card account and two DBS Bank savings accounts in hours after she clicked on a link to download a third-party app, following which scammers then increased her credit limits and siphoned out all her money. She had been looking for healthy tingkat (tiffin) meal delivery options for her elderly parents, and on July 26, she made an inquiry after seeing a Facebook advertisement from a company called Healthy Box. The ad appeared to be from local caterer Grain, whom she had ordered from before. Hence, she was not suspicious.
She contacted the poster of the ad via Facebook Messenger, after which the conversation continued on WhatsApp at around noon that day. After the person confirmed they were from Grain, they sent her a link via WhatsApp to download an app – one that she had not used before – to make the order. She then installed the app, which she said looked exactly like the mobile-enabled version of Grain’s site. When asked to make payment of $58 via PayNow to another number, she received a message saying that the vendor had not installed PayNow and that she could send the vendor a link to do so.
Husband can't believe that accountant wife lost $18,000 in 'healthy meal' scam
A woman fell prey to a scam that saw $18,000 getting swiped from her bank account – all because she downloaded an app on her phone after responding to a Facebook advertisement.
Even her husband was in disbelief that the normally sharp-witted accountant would be vulnerable to scammers, reported Shin Min Daily News. Mrs Deng, a 59-year-old accounting manager, came across the advertisement for a healthy meal package on July 25. Known as Healthy Box, the service was offering three dishes and one soup for $58 including delivery fees.
"I was enticed by the offer so I contacted them via Facebook, provided my phone number and arranged for delivery," said Mrs Deng. Someone claiming to be from the food delivery service contacted Mrs Deng while she was at work the following day, asking for her address and dietary preferences.
Woman loses over $20k from credit card and bank accounts after downloading third-party app
A food delivery order that was supposed to cost $58 ended up costing Ms Lim (not her real name) over $20,000 after scammers took control of her Android phone and banking details remotely.
Ms Lim, 54, lost almost $20,500 from a credit card account and two DBS Bank savings accounts in hours after she clicked on a link to download a third-party app, following which scammers then increased her credit limits and siphoned out all her money.
She had been looking for healthy tingkat (tiffin) meal delivery options for her elderly parents, and on July 26, she made an inquiry after seeing a Facebook advertisement from a company called Healthy Box.
related:
Android phone users lose $10 million to malware scam which executes unauthorised banking transactions
More than 50 victims have lost more than $10 million in the first half of 2023 after downloading malware onto their phones.
The police said in a statement that they have observed a new variant of malware scams where factory reset would be initiated by scammers on the victims' infected devices after malware executes unauthorised transactions on the phone's banking app. Victims would come across advertisements for various devices, including food purchase, home cleaning, and pet grooming, on social media platforms like Facebook and Instagram.
The victims would contact the 'sellers' via the social messaging platforms or WhatsApp and would then be sent a URL to download an Android Package Kit (APK) file, an application created for Android's operating system. After downloading and installing the APK file, which includes granting the app accessibility services, the victims would then be instructed to make a PayNow transfer of $5 as a deposit for these services.
At least 360 people lose more than $43k to scammers listing free items online
There has been a resurgence in the number of scams involving freecycling, a green movement in which the community gives away items that are no longer needed instead of selling them or throwing them away.
The police said at least 360 victims have lost over $43,000 to such scams. Victims would come across free giveaway offers or sale of second-hand items posted by scammers on online platforms such as Facebook, Telegram and WhatsApp. These free giveaway offers or second-hand items range from bicycles to bulky kitchen appliances, including washing machines or refrigerators. The victims would contact the scammers using the respective platform's in-app messaging function and would then be directed to pay for the selected second-hand items.
Similarly, for the free giveaway items, scammers would ask victims to pay a delivery or reservation fee. Payments would be made via bank transfers like PayNow or through e-wallets including Singtel Dash or GooglePay. Victims would only realise they had been scammed when they did not receive their items.
At least 6,600 people have lost more than $96.8 million to job scams since January
At least 6,600 victims have fallen prey to job scams since January this year, with losses amounting to at least $96.8 million.
The police want to alert members of the public to a job scam variant involving scammers who would entice victims by giving them a commission for the completion of simple surveys before offering them fake job opportunities. Victims would receive unsolicited WhatsApp or Telegram messages asking them to participate in a survey or questionnaire. They may also be asked to boost social media posts by liking them.
Upon completion of these 'tasks', the victims would receive a small commission. After victims were convinced that they could earn a commission, scammers would provide another WhatsApp or Telegram contact to the victims to join another group to perform more rewarding tasks. These would include 'boosting' the value of cryptocurrencies and/or 'reviewing' online merchants.
At least 4,800 victims lose $15.7 million to scammers posing as their friends since Jan 2023
At least 4,800 victims have lost $15.7 million to scammers impersonating someone they know since January 2023. The police cautioned members of the public about a persistent trend observed in relation to the fake friend scam variant, which involves scammers contacting victims through text messages and calls, pretending to be someone they know and thereafter asking for financial assistance.
In these cases, victims would receive phone or WhatsApp calls from unknown numbers (with or without the '+65' prefix). Some victims would receive text messages instead of calls. The scammer would claim to be a friend or acquaintance and asked the victims to guess his or her real identity. In response, the victims would then provide the name of a friend whom they believed the caller could be, allowing the scammer to assume the identity of the said friend and ask the victims to update their contact details.
The scammer would subsequently contact the victims to ask for a loan, and claim that they are unable to perform a banking transaction or are experiencing financial difficulties. Victims would then be provided with a local bank account to transfer the money. "Victims would only discover that they had been scammed after contacting their actual friends or acquaintances whom the scammers had impersonated, or when their loan was not returned as promised," said police.
50 Telegram users lose $18,000 after their accounts taken over by scammers posing as known contacts
At least 50 Telegram users lost a total of at least $18,000 this year after losing control of their accounts to scammers who tricked them into providing their handphone numbers and Telegram-generated login codes.
The scammers would use a compromised account of the user's known contacts: The users would be asked to provide a screenshot of their Telegram chat history.
Unknown to the users, the screenshot would reveal a Telegram-generated login code because the scammers would simultaneously trigger a Telegram login code for the user’s Telegram account.
At least 124 victims lost $330,000 to social media impersonation scams since Jan 1
At least 124 victims have fallen prey to this scam variant from January 1 to July 26, with total losses amounting to at least $330,000.
The scam works in the following ways:
- Victims are approached on social media platforms such as Instagram or Facebook on the pretext of joining, or voting in fake campaigns allegedly organised by local brands (e.g. Lazada, Grab, Shopee). Unknown to the victims, these social media accounts have either been taken over by scammers or were spoofed by culprits impersonating as victims’ relatives or friends.
- The scammers would then ask victims for their phone numbers and/or OneTime Passwords (OTPs) sent out from various platforms (e.g. Microsoft, Grab, Google) in order to receive gift vouchers or monies “won” from the “campaign”.
- The OTPs provided by the victims would be abused by the scammers to approve transactions from the victims’ linked bank accounts/cards to ewallets (e.g. Grab Activation Code). Victims may also lose access to their Instagram/Facebook accounts after giving away OTPs that were meant to reset their account passwords. iv. In some variants, victims may lose access to their Instagram/Facebook accounts after clicking on links that were meant to reset their account passwords or to change the email addresses linked to their accounts.
Beware of new scam offering 'nude chat' or 'girl of your choice': At least $13k lost since July
The police are warning of a new scam involving malicious dating applications, with at least 19 victims falling prey and losing $13,000 since July 2023.
In these cases, victims would receive in-app messages from female subjects on TikTok or over dating apps like MI Chat or Tagged. The victims would be asked to continue the engagement on WhatsApp. The scammers would then entice the victims by asking if they would like to continue chatting via a one-to-one video call while being naked or date the girl of their choice, or to access nude videos/ photographs of the female subjects.
The scammers would send victims a uniform resource locator (URL) link over WhatsApp, requiring the victims to download an Android Package Kit (APK) file, an app created for Android’s operating system. After downloading and installing the APK file, the scammers would be able to retrieve the victims’ banking credentials once they log in to their internet banking accounts. Subsequently, victims would discover unauthorised transactions from their banking accounts.
More victims scammed in first half of 2023 but amount lost dips to $334m
While the number of scam victims increased in the first half of 2023 compared with the same period in 2022, the amount lost fell, with signs emerging that scammers could be changing tactics.
There were 22,339 scam cases reported from January to June 2023, a 64.5 per cent increase from the 13,576 cases during the same period last year.
However, the total amount victims lost in the first half of this year dipped slightly to $334.5 million, from $342.1 million during the same period last year.
related:
Woman who scanned QR code with malware lost $20k to bubble tea survey scam while she was sleeping
The woman visited a bubble tea shop and saw a sticker encouraging customers to do an online survey to get a free cup of milk tea. PHOTO ILLUSTRATION: PEXELS
She visited a bubble tea shop and saw a sticker pasted on its glass door, encouraging customers to do an online survey to get a free cup of milk tea.
Enticed by what seemed like a good deal, the 60-year-old scanned the QR code on the sticker and downloaded a third-party app onto her Android phone to complete the “survey”.
That night, as she was sleeping, her mobile phone suddenly lit up. Thanks to the app she had downloaded, scammers used it to take over her device and moved $20,000 from her bank account. Worryingly, she is not the only victim of such malware scams.
related:
Bubble Tea app scam how it works
Here is the explanation of the scam. You scan a QR code it takes you to a site to download an app to fill survey to get free bubble tea. After that the scammer empties your bank account.
The video miss out one part of the explanation which is how the scammer get your OTP after getting your userid and password by logging your keystroke and sending back to scammer. When you install the app, it will ask for permission to read sms. Most people will just "allow" once the app installed it can read your incoming sms. The OTP sms is read by the app.
All such scams would have been prevented if we were still using the hardware token.
DBS, UOB become latest banks to restrict access if unverified apps are found on customers' phones
Local banks DBS and UOB are rolling out new anti-scam security measures that include restricting customers from accessing the banks’ digital services on their mobile phones if apps from unverified app stores – also known as sideloaded apps – are detected.
They are the latest banks in Singapore to do so – after OCBC and Citibank – amid a spate of malware scams targeting users of Android devices. DBS said on Tuesday (Sep 26) that its new anti-malware tool for Android phones seeks to prevent scammers from fraudulently logging into customers’ accounts by restricting app access if it detects potential risks.
One such security risk is the presence of malware or malicious applications on customers’ phones. This new function has gone live, the bank’s head of legal and compliance Lam Chee Kin told CNA.
Crypto scam: Inside the billion-dollar ‘pig-butchering’ industry
A 71-year-old man living in California says he lost about $2.7 million last year after falling prey to a crypto investment scam. Funds linked to that scam reached an account in the name of Chinese businessman Wang Yicheng, Reuters found. REUTERS/Carlos Barria
At a Thai police headquarters in October 2022, Chinese businessman Wang Yicheng congratulated one of Bangkok’s most senior cybercrime investigators on his recent promotion, presenting the official with a large bouquet of flowers wrapped in red paper and a bow. Wang, the vice-president of a local Chinese trade group, wished the new cybercrime investigator “smooth work and new achievements”, according to the group’s website, which displays photographs of the event.
Over the past two years, Wang has forged relationships with members of Thailand’s law enforcement and political elite, the trade group’s online posts show. During that time, a cryptocurrency account registered in Wang’s name was receiving millions of dollars linked to a type of cryptocurrency investment scam known as pig butchering, a Reuters investigation has found. In total, crypto worth more than US$90 million (S$120 million) flowed into the account between January 2021 and November 2022. The victim of one of the scams was a 71-year-old California man. According to blockchain analysis company Coinfirm, he sent money to crypto wallets that channelled more than US$100,000 into the account in Wang’s name.
The man’s family told Reuters he lost about US$2.7 million, his life savings, after falling prey to someone claiming to be an attractive young woman called Emma. The previously unreported transactions provide rare insight into the finances of pig-butchering scams, which involve engaging unsuspecting people online. Scammers cultivate trust and then persuade victims to invest in fraudulent crypto schemes, sometimes via fake websites built to look like legitimate trading platforms. Sometimes the targets initially receive real returns to trick them into believing the scheme is legitimate. Such scams have drawn intensifying scrutiny from global law enforcement over the past year, but little is publicly known about the people behind them.
List of recommended antivirus apps released by CSA as mobile security threats rise
For the first time, Singapore's cyber-security watchdog has released a list of recommended antivirus apps, with features such as malware and phishing detection, amid mounting mobile security threats.
The move is part of the latest national campaign by the Cyber Security Agency of Singapore (CSA) launched on Saturday (Sept 30). Besides encouraging the use of antivirus tools and the scam-busting app ScamShield, the campaign urges the public to enable two-factor authentication and use strong passwords, stay alert to phishing scams, and update their software promptly.
CSA listed seven recommended antivirus apps each for Android and iOS devices. The apps, which come in free and paid versions.
Android:
- Avast Antivirus and Security - free
- AVG Antivirus and Security - free
- Kaspersky Antivirus and VPN - paid
- Lookout Security and Antivirus - paid
- McAfee Security: VPN Antivirus - paid
- Mobile Security and Antivirus (Trend Micro) - paid
- Norton360 Antivirus and Security - paid
iOS:
- Avast Security and Privacy - free
- AVG Mobile Security - free
- Kaspersky: VPN and Antivirus - paid
- Lookout - Mobile Data Security - paid
- McAfee Security: Privacy and VPN - paid
- Norton360 Security and VPN - paid
- TM Mobile Security - paid
DEEPFAKE VIDEO OF PM LEE PROMOTING SOME INVESTMENT SCAMS
Prime Minister (PM) Lee Hsien Loong appears to be promoting a crypto-trading video on the Beijing-based news outlet China Global Television Network (CGTN). Yes, PM Lee seems to be discussing the benefits of a hands-free crypto trading platform, which boasts the ability to compute algorithms, analyse market trends, make strategic investment decisions, and execute trades—all autonomously, without any manual input from the user.
On 29 Dec, PM Lee shared a recent deepfake video that has been circulating online. Elaborating on the type of scam involved, PM Lee explained that scammers employ AI (artificial intelligence) technology to mimic our voices and images. They transform real footage of us, taken from official events, into very convincing but entirely bogus videos of us purportedly saying things we have never said. PM Lee urged people not to respond to such scam videos, which promise guaranteed returns on investments.
DEEPFAKE VIDEO OF DPM LAWRENCE WONG SELLING SOME INVESTMENT SCAM
Deepfakes are media that have been altered by AI to look or sound like someone. In the video, DPM Wong’s mouth is altered to synchronise with a fake voiceover that sounds like him. Yes, the voiceover mimics the pitch and intonation of DPM Wong’s actual voice. Don’t believe me? You can watch the deepfake video here.
Notably, the video was made from modified footage of DPM Wong giving an interview recorded by The Straits Times. The deepfake video promotes an investment scam, even using terms reminiscent of a DPM speech, like “my dear Singaporeans”.
Artificial Intelligence Impersonation
He said such advertisements, which tend to surface after a major speech or announcement with lots of media coverage, have re-emerged in the past few days.
“If the ad uses my image to sell you a product, or asks you to invest in some scheme, or even uses my voice to tell you to send money, it’s not me,” he added.
related:
