Woman in SG loses over RM100,000 after downloading third-party app via WhatsApp


Tan (not her real name) chanced upon a sponsored advertisement on Facebook on May 21 which promised to give people a food blender worth S$80 (RM274) if they downloaded a shopping app and spent at least S$30 (RM103) on it. — Image by jannoon028 on Freepik

SINGAPORE: A 34-year-old woman lost close to S$30,000 (RM103,021) after scammers took control of her phone when she downloaded a third-party app.

Tan (not her real name) chanced upon a sponsored advertisement on Facebook on May 21 which promised to give people a food blender worth S$80 (RM274) if they downloaded a shopping app and spent at least S$30 (RM103) on it.

Enticed by what seemed like a good deal, she clicked on the link, which directed her to a WhatsApp business account.

Following instructions given, Tan later downloaded the third-party app from the WhatsApp account onto her Android phone.

Over the next few days, she tried but failed to check out groceries worth about S$30 (RM103) she ordered via the app.

Tan alerted the WhatsApp account holder of her problem but was told that as the app was new, glitches were expected and that she should try again a few days later.

But on May 25, when the account holder said she could make payments, Tan realised that another person was controlling her phone when a notification popped up asking her approval for a transaction of more than S$4,000 (RM13,735).

“I was quite shocked... The (display on the) screen started moving on its own. I could not reject the transaction and I tried to make calls to stop the transaction but I couldn’t,” said the administrative worker.

She then noticed that six transactions had been made through her DBS Bank account over 22 minutes. Every transaction was worth close to S$5,000 (RM17,169), and they totalled S$29,877.90 (RM102,594).

Kevin Reed, chief information security officer of cybersecurity company Acronis, said such a scam is a result of malvertising, or malicious advertising, where online platforms allow their users to create advertisements targeting a specific audience and include links to anything from a Web page to a direct software download.

He added that Android users are more susceptible to malware as the operating system allows software installation from outside the Google Play Store.

For iPhone users, he said, “Apple uses this ‘walled garden’ concept and installing applications outside the App Store is an extremely cumbersome process. It would be very hard to convince an ordinary user to go through it”.

However, he noted, malvertising may soon pose a higher risk to Apple users, at least in Europe, as the company may have to allow users to download applications outside the App Store under the EU’s new Digital Markets Act (DMA).

In response to queries, DBS said it will help customers who fall for scams by, for instance, replacing their cards.

DBS added: “While we continue to adopt multi-pronged measures to strengthen fraud prevention and recovery, including real-time blocking capabilities and loss recovery, customers remain the first line of defence in safeguarding against scams.”

It advises customers to take measures such as setting alerts for transactions using their accounts and cards for amounts as low as one cent, or temporarily locking or unlocking their debit or credit cards through their app immediately when they suspect fraudulent transactions have taken place.

DBS sent an email to customers on May 28 to warn users of fake advertisements on social media and to not download dubious apps from unofficial sources.

Reed advises Android users not to install apps from outside Google Play Store or through any other links, adding that if they suspect their phone is being controlled by a malicious actor, switching off the phone can help to stop the attack.

Scams where victims are lured to download apps from dubious sites are not new. In May, The Straits Times reported a woman losing S$20,000 (RM68,676) to a bubble tea survey scam while she was sleeping. She had scanned a QR code and downloaded a third-party app onto her phone to complete the “survey”.

In April, the police and the Cyber Security Agency of Singapore warned the public against downloading apps from dubious sites that can lead to malware being installed on their mobile phones.

That month, the police also alerted the public to the resurgence of phishing scams involving malware installed on victims’ Android phones. The police had said that since March, there have been at least 113 victims who lost at least S$445,000 (RM1.52mil). – The Straits Times (Singapore)/Asia News Network

Follow us on our official WhatsApp channel for breaking news alerts and key updates!
   

Next In Tech News

Japan's antitrust watchdog to find Google violated law in search case, Nikkei reports
Is tech industry already on cusp of artificial intelligence slowdown?
What does watching all those videos do to kids' brains?
How the Swedish Dungeons & Dragons inspired 'Helldivers 2'
'The Mind Twisting Quadroids' review: Help needed conquering the galaxy
Albania bans TikTok for a year after killing of teenager
As TikTok runs out of options in the US, this billionaire has a plan to save it
Google offers to loosen search deals in US antitrust case remedy
Is Bluesky the new Twitter for teachers in the US?
'Metaphor: ReFantazio', 'Dragon Age', 'Astro Bot' and an indie wave lead the top video games of 2024

Others Also Read