At least 43 victims lose more than $1.2m to malware scams spread through ads for travel packages

Farah Daleymail

Posted on 06 October 2023 | 1,584 views | 9 comments

In a new variant of a malware scam, at least 43 victims have been tricked into losing a total of $1.2 million in September 2023, after responding to advertisements promoting travel packages on social media platforms such as Facebook and Instagram.

The police reported that the victims came across ads promoting cruises, tour packages, concert tours, and durian tours.

The supposed sellers would engage the victims on WhatsApp and instruct them to download an Android Package Kit (APK) via WhatsApp or malicious links to pay booking fees. This APK, an application created for Android's operating system, contains malware, enabling scammers to access the victims' devices remotely and steal their banking credentials and passwords.

Victims were also asked to enter their internet banking login details into a fake banking window within the app or make PayNow or bank transfers for the booking fees. Subsequently, they discovered unauthorised transactions from their banking accounts.

The police have advised the public to be wary of downloading apps from third-party or dubious sites.

To protect themselves, they should add ScamShield to guard against scam calls and SMSes, add anti-virus applications and ensure these apps are updated to scan for the latest malware.

They should also disable "Install Unknown App" or "Unknown Sources" in their phone settings and not grant permission to persistent pop-ups that request access to their device's hardware or data.

The public should check for scam signs with official sources, only download and install applications from official app stores, and be sceptical if asked to download unknown apps to purchase items or services on social media platforms.

They should also report any suspicious content or advertisement to Facebook and Instagram, and any fraudulent transactions to their bank immediately.

If anyone has already downloaded and installed the app, or suspects that their phone is infected with malware, they should turn their phone to "flight mode", run an anti-virus scan on their phone, check their bank account/Singpass/CPF for any unauthorised transactions using other devices, and report to the bank, relevant authorities, and lodge a police report.

For more information on scams, the public can visit www.scamalert.sg or call the Anti-Scam Helpline at 1800-722-6688.

Get more of Stomp's latest updates by following us on Facebook, WhatsApp, Twitter, Instagram and YouTube.

Related Stories
2 men arrested for banking-related malware scams: $25k cash, luxury watches, gold bars and more seized
Couple allegedly received $24.7m for branded watches they knew they couldn't deliver
Man, 74, loses $70k life savings to scammer who told him he 'had a lot of wisdom and experience'
More About: 
scam
advisory
police