- Kyle Chua
At Least S$445,000 Lost to Phishing Scams in Singapore Since March 2023
Updated: Dec 19, 2023
Don't be too quick to trust the ads you come across in social media platforms like Facebook and Instagram.
The Singapore Police Force on Thursday, 13 April, said at least 113 Android users have fallen victim to phishing scams since March, amounting to losses no less than S$445,000, according to The Straits Times.
The victims reportedly saw ads for home services and food items on social media and contacted the number provided via WhatsApp. They were then sent a link that redirected them to download an app that would supposedly allow them to book the service or purchase the items they saw in the ads. After that, they were taken to fake Internet banking sites, where they were asked to key in their banking credentials, including credit card information. The applications the victims downloaded contained malware that copied the information they keyed in and sent it to the cybercriminals. This included SMS one-time passwords that are needed to verify transactions.
"These would be used by scammers to access and make unauthorised transactions in the Android phone’s internet banking app," said the authorities, noting how the victims only realised they were scammed when they saw that unauthorised transactions were being made using their cards.
"Always exercise caution when clicking on advertisements embedded within applications that lead to a third-party website that prompts downloads of files."
The authorities advised only downloading apps from official app stores like the Google Play Store, for example. Users can also check developer information, along with the number of downloads and user reviews, to further verify if an app is indeed legitimate.
Android Package Kit (APK) files from the Internet or third-party sites, on the other hand, could be suspicious. While there are legitimate APKs out there, cybercriminals typically trick victims into using this install method as it bypasses the safeguards of the Google Play Store. For those unfamiliar, APKs are installation files for Android apps that are downloaded online.
"Do not grant permission to persistent pop-ups that request for access to your device’s hardware or data," the authorities added.
They recommend installing the ScamShield app and setting security features such as two-factor authentication to further minimise the risks of falling victim to scams.
Singaporean authorities said at least 113 Android users have fallen victim to phishing scams since March, amounting to losses of no less than S$445,000.
The cybercriminals reportedly lured victims through ads about home services and food products on social media.
"Always exercise caution when clicking on advertisements embedded within applications that lead to a third-party website that prompts downloads of files," advised authorities.