ANN/THE STAR – At least 113 Singaporean Android phone users had their banking credentials stolen in phishing scams since March, with losses amounting to at least SGD445,000.
The police said on April 13 that the victims had come across advertisements marketing home services or the sale of food items on social media platforms.
The victims contacted the putative businesses through the platforms or via WhatsApp, and were sent a URL that redirected them to download an app to book the services or make their purchases.
Clicking on the URL took them to fake Internet banking login sites, where they then keyed in their banking details, including card information.
The applications they downloaded contained malware that redirected victims’ banking credentials and SMS one-time passwords to the scammers.
“These would be used by scammers to access and make unauthorised transactions in the Android phone’s Internet banking app,” said the police, adding that victims only realised they had been scammed after noticing unauthorised transactions.
“Always exercise caution when clicking on advertisements embedded within applications that lead to a third-party website that prompts downloads of files,” the police advised.
The police advised downloading apps only from official app stores, and checking the developer information as well as the number of downloads and user reviews to ensure that the app is legitimate.
