Woman Takes Online Survey for Free Bubble Tea, Loses S$20,000 in Scam
Updated: Dec 19, 2023
Beware of online surveys asking you to install third-party apps on your device.
A 60-year-old woman fell victim to one such scam after she took a supposed "survey" to score a free cup of bubble tea. According to The Straits Times, the victim reportedly scanned the QR code for the "survey" from a sticker pasted on the glass door of a bubble tea shop. She was then asked to install a third-party app onto her Android smartphone, not knowing it was malware. The app allowed scammers to take over her device while she slept at night and steal no less than S$20,000 from her bank account.
"While malware scams are not particularly new, scammers are getting increasingly innovative," said Mr Beaver Chua, Head of Anti-Fraud at OCBC Bank’s Group Financial Crime Compliance Department.
"Besides website pop-up banners, which are most common, pasting bogus QR codes outside F&B establishments is another cunning way to hook victims as consumers may not be able to differentiate between legitimate and malicious QR codes."
When victims scan malicious QR codes, they're asked to install malware and are made to grant it access to their devices' camera and microphones, as Mr Chua explains. They're also prompted to enable the Android Accessibility Service, an app that provides alternative ways for users with disabilities to use and communicate with their devices, allowing scammers to take control. Once scammers are able to do that, they simply wait for victims to use their banking apps, taking note of their login credentials and password. In some instances, scammers might also disable facial recognition, so that victims will be forced to key-in their information. After that, scammers use the camera on their victims' devices to monitor activity and find an opportunity to strike. That opportunity usually comes at night, when victims are asleep and can't see that their devices are being controlled remotely.
Mr Chua notes that scammers tend to paste these malicious QR codes near authorised scan-to-pay signs to deceive potential victims into thinking they're legitimate. Some codes have also been spotted pasted on lamp posts near traffic lights.
The police and the Cyber Security Agency of Singapore in April warned the public about downloading apps from suspicious websites. In the same month, the police also said phishing scams that involve malware being installed on victims' Android phones were on the rise. Since March, there has reportedly been at least 113 victims with losses reaching as much as S$445,000.
Mrs Ong-Ang Ai Boon, Director of the Association of Banks in Singapore, urged the public to remain vigilant of such scams, while also sharing a few tips to help avoid them. "It remains critically important for everyone to practise cyber-security discipline by not clicking unknown links or installing unknown apps or software onto their devices," she said. "While banks will continue to do our part in surveillance and recovery efforts, the strongest defence against scams is a watchful and discerning public.
A 60-year-old woman fell victim to one such scam after she took a supposed "survey" to score a free cup of bubble tea.
She was asked to install a third-party app onto her Android smartphone to complete the "survey", not knowing it was malware.
The app allowed scammers to take over her device while she slept at night and steal no less than S$20,000 from her bank account.
Scammers reportedly tend to paste the malicious QR codes near authorised scan-to-pay signs to deceive potential victims into thinking they're legitimate.