PETALING JAYA: Public Bank has issued a scam alert urging customers to exercise caution when encountering social media advertisements for mooncake sales that require a third-party app to make payments.

These unknown third-party apps that are not hosted on the official stores could pose a security risk, potentially containing malware that could allow a scammer to obtain full access to a user's device.

In a notice sent to customers over email, the bank states that once the malicious app is installed, it could capture both personal and financial details belonging to a user when they make a payment at the checkout page.

With this information, fraudsters will then be able to access a user's bank account and transfer out all the remaining funds.

Public Bank advises that customers be on the lookout for red flags, including if the app is being offered only through links or APK files from sellers, not official app stores; the permissions it asks for when installed; and if their Personal Login Phrase (PLP) appears after entering their banking user ID and password.

Should a user suspect that they have responded to a scam, they should immediately report it to their bank or deactivate the card account via the appropriate online banking platform.

This comes after reports of online mooncake scams in Singapore, which saw at least 27 victims lose about S$325,000 (RM1.11mil) in August alone.

Another recent case saw a woman in Selangor pay RM440 for four boxes of mooncake, but she never received her order after making the payment.

The victim only realised she had been scammed when the seller told her to install a third-party app and input her personal details in order to get a refund.