At least 27 victims have lost $325,000 to mooncake scams in August 2023

It's mooncake season -- but beware of getting your money eaten by scammers.

The police said in an advisory on Tuesday (Sept 5) that they have observed a new variant of scams involving the sale of mooncakes on social media platforms such as Facebook and Instagram.

At least 27 victims have fallen prey, with total losses amounting to at least $325,000, in just August alone.

In these cases, victims would come across advertisements on Facebook and Instagram for the sale of mooncakes where buyers would contact the 'sellers' via the social messaging platforms to place orders.

The scammers would then engage victims on WhatsApp and direct them to malicious links to purchase the items and/or make payment.

These malicious links will lead victims to download an Android Package Kit (APK) file, an application created for Android's operating system, that contains malware.

In some cases, victims were first instructed to make PayNow or bank transfers for the purchase of mooncakes.

Thereafter, the scammers would inform victims that their orders had to be cancelled due to production or manpower issues. In order to get their refunds, the victims would then be directed to the malicious links to download an APK file.

After downloading and installing the APK file (which includes granting the app accessibility services), the scammers will be able to access the victim's device remotely to steal passwords. The malware with keylogging capabilities would also retrieve the victim’s banking credentials.

Victims would then discover unauthorised transactions from their banking accounts.

Members of the public are reminded of the dangers of downloading apps from third-party or dubious sites, and to adopt the following precautionary measures:

• ADD - anti-virus/anti-malware apps available on official Play Store or App Store to your device. Update your devices’ operating systems and applications regularly to be protected by the latest security patches. Disable “Install Unknown App” or “Unknown Sources” in your phone settings. Do not grant permission to persistent pop-ups that request for access to your device’s hardware or data.

• CHECK - for scam signs with official sources (e.g., visit www.scamalert.sg or call the Anti-Scam Helpline on 1800-722-6688). When asked to download unknown apps, check the developer information on the app listing as well as the number of downloads and user reviews to ensure it is a reputable and legitimate application.

• TELL - authorities, family, and friends about scams. Report the number to WhatsApp to initiate in-app blocking and report any fraudulent transactions to your bank immediately.

Those who have already downloaded and installed the app, or suspect that their phone is infected with malware, should take the following steps:

1. Turn your phone to 'flight mode'.

2. Run an anti-virus scan on your phone.

3. Check your bank/Singpass/CPF accounts etc for any unauthorised transaction(s) using other device(s).

4. If there are unauthorised transaction(s), report to the bank, relevant authorities, and lodge a police report.

5. After completing the above steps, if you believe that your phone has not been infected with malware, you may resume usage of your phone. As a further precaution, you may consider doing a 'factory reset' of your phone and changing important passwords.

If you have any information relating to such crimes or are in doubt, call the police hotline at 1800-255-0000 or submit it online at www.police.gov.sg/iwitness. All information will be kept strictly confidential.

Dial '999' for urgent police assistance.

For more information on scams, members of the public can visit www.scamalert.sg or call the Anti-Scam Helpline at 1800-722-6688.