At least 21 victims lose $210,000 to malware scams in September after clicking on FB ads

At least 21 victims lost $210,000 to malware scams involving the sale of second-hand goods on fraudulent Facebook advertisements in September 2023.

The police said they have observed an emergence of the scam and advised members of the public to be wary of fraudulent advertisements, especially when purchasing or selling items and services on Facebook.

In these cases, victims would respond to Facebook ads from scammers purportedly looking to buy second-hand goods such as clothes, electronics and furniture. They would contact the scammers to enquire about the process.

The scammers would then direct victims to communicate on WhatsApp.

When both parties came to an agreement on the prices for the secondhand goods to be sold, the victims would be instructed to download an Android Package Kit (APK) over WhatsApp.

They might also be given malicious links to download the APK to post pictures of the items they wish to sell or to receive deposit payments.

The APK is an application (app) created for Android’s operating system and contains malware.

After downloading and installing the APK file (which includes granting the app accessibility services), the scammers will then be able to access the victim's device remotely to steal their bank credentials and passwords.

Victims would subsequently discover unauthorised transactions from their banking accounts.

Members of the public are cautioned about the dangers of downloading apps from third-party or dubious sites, and advised to adopt the following precautionary measures:

• ADD - anti-virus/anti-malware apps available on official Play Store or App Store to your device. Update your devices’ operating systems and applications regularly to be protected by the latest security patches. Disable “Install Unknown App” or “Unknown Sources” in your phone settings. Do not grant permission to persistent pop-ups that request for access to your device’s hardware or data.

• CHECK - for scam signs with official sources (e.g., visit www.scamalert.sg or call the Anti-Scam Helpline on 1800-722-6688). When asked to download unknown apps, check the developer information on the app listing as well as the number of downloads and user reviews to ensure it is a reputable and legitimate application.

• TELL - authorities, family, and friends about scams. Report the number to WhatsApp to initiate in-app blocking and report any fraudulent transactions to your bank immediately.

Those who have already downloaded and installed the app, or suspect that their phone is infected with malware, should take the following steps:

1. Turn your phone to 'flight mode'.

2. Run an anti-virus scan on your phone.

3. Check your bank/Singpass/CPF accounts etc for any unauthorised transaction(s) using other device(s).

4. If there are unauthorised transaction(s), report to the bank, relevant authorities, and lodge a police report.

5. After completing the above steps, if you believe that your phone has not been infected with malware, you may resume usage of your phone. As a further precaution, you may consider doing a 'factory reset' of your phone and changing important passwords.

If you have any information relating to such crimes or are in doubt, call the police hotline at 1800-255-0000 or submit it online at www.police.gov.sg/iwitness. All information will be kept strictly confidential. Dial '999' for urgent police assistance.

For more information on scams, members of the public can visit www.scamalert.sg or call the Anti-Scam Helpline at 1800-722-6688.