SINGAPORE (The Straits Times/ANN): Thirteen people, including a 16-year-old youth, were arrested for their suspected involvement in the recent spate of banking-related malware scam cases.
Preliminary investigations showed that 10 of the 13 suspects, aged between 16 and 27, had allegedly facilitated the scam cases by sharing their bank accounts, Internet banking credentials and/or disclosing Singpass credentials for monetary gains.
The rest – three men aged between 20 and 35 – are believed to have withdrawn money from some of the money mules’ bank accounts and handed the money to unknown persons.
They were arrested in an island-wide anti-scam enforcement operation conducted between June 26 and 30 by officers from the Commercial Affairs Department (CAD) and Police Intelligence Department (PID), the police said in a statement on Saturday.
Investigations are ongoing. Another 10 people – nine men and a woman, aged between 17 and 65 – are assisting in the investigations.
Since January, the police have received an increasing number of reports about malware being used to compromise Android mobile devices, resulting in unauthorised transactions made from the victims’ bank accounts even though they did not share any sensitive information regarding their bank or Singpass accounts.
The victims were instead found to have responded to advertisements for cleaning services, pet grooming and food items on social media platforms, such as Facebook.
The scammers later instructed the victims to download an “Android Package Kit (APK)“ from an unofficial app store to facilitate the purchase, leading to malware being installed on the victims’ mobile devices.
The scammers also told the victims via phone calls and text messages to turn on accessibility services on their Android phones.
By doing this, a phone’s security features are weakened, and allows the scammers to control the phone, such as being able to log every keystroke and steal banking credentials stored in the phone and allows them to remotely log in to the victim’s banking apps, add money mules as payees, raise payment limits and transfer monies out to money mules.
The scammers can further delete SMS and e-mail notifications of that bank transfer to cover their tracks.
The offence of acquiring benefits from criminal conduct carries a jail term of up to 10 years, a fine of up to $500,000, or both.
The offence of cheating carries a jail term of up to three years, or a fine, or both.
For disclosing their Singpass credentials, offenders are liable to a jail term of up to three years, a fine of up to $10,000, or both.
Between January and June, victims were reported to have lost about $8 million in more than 700 malware-related scams. At least eight of these scams involved CPF savings, with losses amounting to $124,000.
The police reminded the public to be wary of clicking on suspicious links, scanning unknown QR codes, or downloading mobile apps from third-party websites or unknown sources.
These unverified apps may contain malware, which can severely compromise the security of mobile devices.
Instead, the public should download apps only from official app stores. Before downloading any app, they should check the number of its downloads and user reviews.
The public should always be wary of any requests for banking credentials or money transfers and attractive offers that sound too good to be true, the police said.
Security settings should also be turned on, such as disallowing installation of apps from unknown sources, to help protect devices.
The public can call the anti-scam hotline on 1800-722-6688 or visit www.scamalert.sg for more information on scams. - The Straits Times/ANN