top of page
  • Kyle Chua

Woman Takes Online Survey for Free Bubble Tea, Loses S$20,000 in Scam

Updated: Dec 19, 2023

Beware of online surveys asking you to install third-party apps on your device.

Wix
Credit: Wix

A 60-year-old woman fell victim to one such scam after she took a supposed "survey" to score a free cup of bubble tea. According to The Straits Times, the victim reportedly scanned the QR code for the "survey" from a sticker pasted on the glass door of a bubble tea shop. She was then asked to install a third-party app onto her Android smartphone, not knowing it was malware. The app allowed scammers to take over her device while she slept at night and steal no less than S$20,000 from her bank account.


"While malware scams are not particularly new, scammers are getting increasingly innovative," said Mr Beaver Chua, Head of Anti-Fraud at OCBC Bank’s Group Financial Crime Compliance Department.


"Besides website pop-up banners, which are most common, pasting bogus QR codes outside F&B establishments is another cunning way to hook victims as consumers may not be able to differentiate between legitimate and malicious QR codes."


When victims scan malicious QR codes, they're asked to install malware and are made to grant it access to their devices' camera and microphones, as Mr Chua explains. They're also prompted to enable the Android Accessibility Service, an app that provides alternative ways for users with disabilities to use and communicate with their devices, allowing scammers to take control. Once scammers are able to do that, they simply wait for victims to use their banking apps, taking note of their login credentials and password. In some instances, scammers might also disable facial recognition, so that victims will be forced to key-in their information. After that, scammers use the camera on their victims' devices to monitor activity and find an opportunity to strike. That opportunity usually comes at night, when victims are asleep and can't see that their devices are being controlled remotely.

Mr Beaver Chua
Mr Beaver Chua, Head of Anti-Fraud at OCBC Bank’s Group Financial Crime Compliance Department. Credit: The Straits Times

Mr Chua notes that scammers tend to paste these malicious QR codes near authorised scan-to-pay signs to deceive potential victims into thinking they're legitimate. Some codes have also been spotted pasted on lamp posts near traffic lights.


The police and the Cyber Security Agency of Singapore in April warned the public about downloading apps from suspicious websites. In the same month, the police also said phishing scams that involve malware being installed on victims' Android phones were on the rise. Since March, there has reportedly been at least 113 victims with losses reaching as much as S$445,000.


Mrs Ong-Ang Ai Boon, Director of the Association of Banks in Singapore, urged the public to remain vigilant of such scams, while also sharing a few tips to help avoid them. "It remains critically important for everyone to practise cyber-security discipline by not clicking unknown links or installing unknown apps or software onto their devices," she said. "While banks will continue to do our part in surveillance and recovery efforts, the strongest defence against scams is a watchful and discerning public.

 
  • A 60-year-old woman fell victim to one such scam after she took a supposed "survey" to score a free cup of bubble tea.

  • She was asked to install a third-party app onto her Android smartphone to complete the "survey", not knowing it was malware.

  • The app allowed scammers to take over her device while she slept at night and steal no less than S$20,000 from her bank account.

  • Scammers reportedly tend to paste the malicious QR codes near authorised scan-to-pay signs to deceive potential victims into thinking they're legitimate.






As technology advances and has a greater impact on our lives than ever before, being informed is the only way to keep up.  Through our product reviews and news articles, we want to be able to aid our readers in doing so. All of our reviews are carefully written, offer unique insights and critiques, and provide trustworthy recommendations. Our news stories are sourced from trustworthy sources, fact-checked by our team, and presented with the help of AI to make them easier to comprehend for our readers. If you notice any errors in our product reviews or news stories, please email us at editorial@tech360.tv.  Your input will be important in ensuring that our articles are accurate for all of our readers.

bottom of page