At least 113 Android users fall prey to phishing scams since March, losing more than $445,000

At least 113 Android phone users have fallen prey to phishing scams involving malware installed on their devices since March, with total losses amounting to at least $445,000.

The police said on Thursday that the victims would come across home advertisements for home services, including cleaning and maid services and pet grooming) or the sale of food items like durians on social media platforms, including Facebook and Instagram.

The victims would then contact the scammers via social messaging platforms or WhatsApp and the scammers would send a URL, directing them to download an app to book the services or to make their purchases.

Victims would be directed to fake internet banking login sites to key in their ibanking credentials and/or card information, to make payment within the application.

Unknown to the victims, the application would contain malware that would redirect the victim's banking credentials and SMS one-time passwords from the victims' phones to the scammers.

These would be used by scammers to access and make unauthorised transactions in the Android phone's ibanking app.

The victim would only realise that they had been scammed when they discovered unauthorised transactions made to their bank accounts or charges to their credit/debit card.

The police remind members of the public of the dangers of downloading applications from third-party or dubious sites that can lead to malware being installed on victims' mobile phones, computers, and other information communications technology (ICT) devices.

Scammers will trick victims into installing malware-infected applications that are outside the app store.

Members of the public are advised not to download any suspicious Android Package Kit (APK) files on their devices as they may contain phishing malware.

The police advise members of the public to adopt the following precautionary measures:

  1. ADD - ScamShield App and set security features (e.g., enable two-factor (2FA) or multifactor authentication for banks and set transaction limits on internet banking transactions). Ensure that your devices are installed with updated anti-virus/anti-malware applications and your devices’ operating systems and applications are updated regularly to be protected by the latest security patches. Disable “Install Unknown App” or “Unknown Sources” in your phone settings.

  2. CHECK - For scam signs and with official sources (e.g., visit www.scamalert.sg or call the Anti-Scam Helpline at 1800-722-6688). Only download and install applications from official app stores (i.e., Google Play Store for Android). As an added precaution, check the developer information on the application listing as well as the number of downloads and user reviews to ensure it is a reputable and legitimate application. Always exercise caution when clicking on advertisements embedded within applications that lead to a third-party website that prompts download of files. Do not grant permission to persistent pop-ups that request for access to your device’s hardware or data.

  3. TELL - Authorities, family, and friends about scams. Report any fraudulent transactions to your bank immediately.

For more information on scams, people can visit www.scamalert.sg or call the Anti-Scam Hotline on 1800-722-6688. Anyone with information on such scams may call the police hotline on 1800-255-0000 or submit information confidentially online at www.police.gov.sg/iwitness

Mobile device users can also learn more about protecting themselves against malware at https://www.csa.gov.sg/alerts-advisories/Advisories/2021/ad-2021-008