SINGAPORE: A new scam involving mooncake sales on social media platforms has cost at least 27 victims around S$325,000 (RM1.11mil) in August alone, said the police on Sept 5.
After contacting the “sellers” through social messaging platforms to place orders for mooncakes advertised on Facebook and Instagram, the victims were directed through WhatsApp to make payment. But the links, the police said, led victims to download an Android Package Kit (APK) file, an application created for Android’s operating system, containing malware.
In some cases, victims were instructed to make PayNow or bank transfers to buy the mooncakes.
The scammers would then inform victims that their orders had to be cancelled due to production or manpower issues, and direct them to the malicious links for “refunds”.
After the APK file was downloaded and installed, the scammers would gain remote access to the victims’ devices, letting them steal passwords and retrieve banking credentials.
Victims later discovered unauthorised transactions from their banking accounts.
The police advised the public to adopt precautionary measures such as adding the ScamShield app, enabling two-factor or multifactor authentication for bank apps and setting transaction limits on Internet banking transactions.
The police also advised the public to ensure their devices have updated antivirus/anti-malware applications installed and to disable “Install Unknown App” or “Unknown Sources” in their phone settings.
Members of the public should download and install applications from only official app stores, and be wary if asked to download unknown apps to purchase items or services on social media platforms.
The police urged the public to report any fraudulent transactions to their bank immediately and to inform the authorities, family and friends about scams.
If individuals suspect that their phone is infected with malware, they should turn their phone to “flight mode”, run an antivirus scan on their phone, check their bank accounts for any unauthorised transactions using other devices, report it to the bank and relevant authorities, and lodge a police report. – The Straits Times (Singapore)/Asia News Network