At least 2 Android users lose close to $100k of CPF savings in June in malware-related scams
SINGAPORE – At least two Android users have lost $99,800 of their Central Provident Fund (CPF) savings in June, due to scams involving malware.
The police said on Saturday the victims came across advertisements marketing groceries like seafood on social media platforms, including Facebook.
The victims contacted the businesses through their social media platform or WhatsApp.
They were sent a URL to download an Android Package Kit (APK) file, an application created for Android’s operating system, to order groceries and make a payment.
Apps or APK files from the Internet or a third party could contain phishing malware.
APKs are installation files for Android apps that can be downloaded from the Internet and third party app stores, instead of the Google Play Store.
The victims were unaware that the application contains malware that allow scammers to access the victims’ device remotely and steal passwords. These include the Singpass passcode, among other things, which have been stored in the victims’ device.
“The scammer might also call the victim to ask for their Singpass passcode, purportedly to create an account on the application,” said the police.
Victims were directed to fake bank sites to key in their login credentials to make payment within the app.
The malware would then capture the credentials entered.
The scammers were then able to access the victims’ CPF account remotely using the stolen Singpass passcode and request to withdraw funds through PayNow.
The police did not state the victims’ ages. CPF members can withdraw some of their savings when they turn 55, and receive monthly payouts under the CPF Life scheme when they reach the eligible age – currently at 65.
Once the CPF funds are deposited into the victims’ bank accounts, the scammer accessed the victims’ bank application and transferred the money out via PayNow.
The victims realised they were scammed when they discovered unauthorised transactions made to their bank accounts.
The police remind the public of the dangers of downloading apps from third-party or dubious sites that can lead to malware being installed on their computers, mobile phones and other IT devices.
Scammers trick victims to install malware-infected apps that are not in the app store, the police added, advising the public not to download any suspicious APK files as they may contain phishing malware.
People should update their devices with the latest security patches and report any fraudulent transactions to the banks immediately.
For more information, they can visit www.scamalert.sg or call the Anti-Scam Hotline on 1800-722-6688.
Anyone with information on scams can call the police hotline on 1800-255-0000 or submit details confidentially at www.police.gov.sg/iwitness
Mobile device users can also learn more about protecting themselves against malware at https://www.csa.gov.sg/alerts-advisories/Advisories/2021/ad-2021-008.
In recent months, similar cases have occurred here.
In June, a 34-year-old woman lost close to $30,000 after scammers took control of her phone when she downloaded a third-party app.
Separately, at least 113 Android phone users had their banking credentials stolen in phishing scams since March, with losses amounting to at least $445,000.
Save more every month with our annual plan: unlimited access, better price.
Join ST's Telegram channel and get the latest breaking news delivered to you.
No comments:
Post a Comment