Hacker drains educator’s bank account after alleged malware infiltration

SINGAPORE: In a shocking revelation from the Shin Min Daily News, Ms Chen, a 49-year-old professional in the education sector, fell victim to an alleged malevolent cyberattack which not only siphoned S$8,000 from her bank account but also falsely requested a cash advance of $20,000.

On 18 July, Ms Chen received a perplexing notification regarding a S$6,000 bank transaction. However, before she could scrutinize it, the message vanished.

Alarmed, she quickly accessed her online banking portal, only to be met with a gut-wrenching sight — a mere S$4 remained in her account.

Without hesitation, Ms Chen took swift action. She contacted her bank to suspend her account and promptly filed a police report, surrendering her phone for investigation.

Subsequent police probes unveiled that fraudsters had employed malware to breach her device and authorize the illicit transactions.

This security lapse, Ms Chen suspects, originated from a seemingly innocuous Facebook advertisement click. The supposed malware from the misleading advert seemingly compromised her Google Chrome browser.

The hackers, unable to access her phone without her direct consent, cunningly tricked her into granting them entry via a counterfeit “app update” alert.

Ms Chen recalls overlooking an odd notification about a Chrome update and hastily giving her consent.

After approval was granted, the hacker downloaded Teamviewer on Ms Chen’s phone to remotely control her device.

While TeamViewer is bona fide software designed for remote computer connections, remote assistance, and file transfers between devices, it has unfortunately been co-opted by fraudsters for nefarious activities.

In a cautionary statement, she highlighted the importance of vigilance, “I failed to observe that there were two Google Chrome apps on my phone. Everyone should routinely inspect their phones to avoid inadvertently downloading malware.”

Post gaining access, the hacker swiftly manoeuvred. Records indicate that the perpetrator accessed Ms Chen’s account on 15 July, subsequently adding a new beneficiary.

By 18 July, around 2 pm, five transactions had been executed, one of which audaciously sought a cash advance worth $20,000. The hacker meticulously erased all SMS notifications from the bank, leaving Ms Chen oblivious until 6 pm that evening.

Distressingly, it appears that the transferred funds may be lost forever. The newly added payee, linked to an encrypted currency company, likely converted Ms Chen’s funds to cryptocurrency, then rerouting it to an anonymous third party.

The police, when approached by the media, have verified that they are actively investigating the matter.

Ms Chen, a recent divorcee and mother to two young daughters, is currently under financial strain, employing a caregiver at a monthly cost of S$700.

The bank’s unexpected demand that she repay the unauthorized S$20,000 cash advance, along with an added interest and handling fees of S$700, has further exacerbated her woes.

With a glimmer of hope, she reveals that the bank is reconsidering her case, possibly waiving the $20,000 out of compassion.

Her unfortunate ordeal serves as a potent reminder of the ever-looming threat of cybercrime.