Crime
Singaporean woman faces a loss exceeding S$20,000 from her credit card and bank accounts following the installation of a third-party app
54-year-old “Ms Lim” was scammed out of over S$20,000 after responding to a deceptive Facebook advertisement for a food delivery service. Scammers gained remote access to her phone, manipulating her banking details and transferring substantial amounts from her accounts within hours.
SINGAPORE: An unfortunate incident occurred involving Ms Lim (pseudonym), whose food delivery order, initially valued at $58, ended up costing her an exorbitant sum of over $20,000.
This situation unfolded as scammers gained remote access to her Android phone and banking particulars as reported by The Straits Times.
Ms Lim, aged 54, found herself losing nearly $20,500 from both a credit card account and two DBS savings accounts within a matter of hours.
This financial loss transpired shortly after she clicked on a link to download a third-party app, following a series of events where the scammers exploited her.
They not only manipulated her credit limits but also siphoned all her funds.
The circumstances leading up to this unfortunate incident started when Ms Lim sought out healthy meal delivery options for her elderly parents.
On 26 July, she responded to a Facebook advertisement posted by a company named Healthy Box, mistaking it for the local caterer Grain, with whom she had previous experience.
This misunderstanding fostered a sense of trust, which unfortunately worked in favour of the scammers.
Initial communication occurred via Facebook Messenger, but it transitioned to WhatsApp around noon on the same day.
Believing she was conversing with a representative from Grain, Ms Lim was sent a link through WhatsApp to download an unfamiliar app for placing the food order.
Strangely, the app’s appearance closely resembled the mobile version of Grain’s website.
Upon attempting to make a payment of $58 via PayNow to an alternate number, Ms. Lim received a message indicating that the vendor’s PayNow functionality was unavailable.
She was prompted to share a link for the vendor to rectify this issue.
Despite alerting the individual and requesting assistance, her efforts went unanswered.
Later that day, when taking a lunch break from her online meetings, Ms. Lim noticed an unusual and alarming heat emanating from her phone.
Upon turning it on, she was met with a blank screen and an automatic factory reset.
Unsuspectingly, she followed the phone’s reset process, akin to setting up a new device.
However, her realization of the dire situation came when she attempted to withdraw funds using her ATM card in the evening, only to find her bank balance entirely depleted.
Swift action was taken as she contacted DBS customer service, who confirmed that her funds had been maliciously transferred.
Subsequently, she visited a DBS branch, uncovering details of the scam’s progression.
The fraudulent activities were unveiled: her DBS Everyday credit card’s limit was elevated from $14,500 to $18,500, with funds totalling $17,850 moved to her POSB Savings account.
Furthermore, $1,553 was transferred to this POSB account from another of her accounts, a DBS Savings account.
Via Internet banking, an amount of $20,493.87, including an additional $1,090.87 that remained unexplained, was funnelled from her POSB account to three separate Standard Chartered accounts, totalling $6,281.40, $6,258.95, and $7,953.52.
Ms Lim expressed her dismay and fear at the ease with which the scammers manipulated her credit limit without verification.
She also questioned the lack of notifications regarding the substantial transactions.
On 2 Aug, Ms Lim received a letter from DBS dated 26 July, notifying her of a credit limit increase approval on the very day of the incident.
This raised her further questions about the lax verification process for such actions.
A police report was promptly filed by Ms Lim, with Grain also making a report about scammers imitating their mobile application.
As police investigations continue, Ms Lim found herself unable to meet the bank’s credit card bill payment deadlines due to the drained accounts.
The emotional and financial toll this incident has taken on Ms. Lim is evident as she grapples with the uncertainty of her financial obligations.
The support of friends and loved ones has been vital, yet the concern for housing payments and loans remains.
Ms Lim’s trust in phone banking has been shaken, as each incoming message now sparks anxiety.
In a desperate attempt to rectify the situation, she sought help from her MP to appeal to DBS, the police, and the Monetary Authority of Singapore (MAS) for leniency regarding the amount fraudulently withdrawn from her credit card account.
According to ST, DBS acknowledges the prevalence of scams and has implemented measures to promptly assist affected customers.
For customers who fall victim to scams, there are specific measures in place to offer assistance.
These include a dedicated fraud hotline reachable at 1800-339-6963 (for calls within Singapore) or (+65) 63396963 (for international calls).
Additionally, the digibank app features a safety switch function that can temporarily restrict access to funds.
DBS also said it would continue to enhance fraud prevention and recovery, and customers are urged to remain vigilant as the first line of defence against scams.
The increase of malware scams affecting Android users
Malware scams targeting Android users have surged, causing unauthorized transactions from victims’ bank accounts.
Various media sources have documented these incidents, affecting users across different banks.
Law enforcement has observed an increase in reports from Android users falling victim to these scams, leading to significant financial losses despite victims not disclosing their banking details.
Recent enforcement efforts resulted in the arrest of ten suspects linked to malware scams, in which two Android users lost $99,800 from their CPF savings in June.
Just last month, in a similar case, such as Ms Lim, an unsuspecting preschool teacher, Diana Vigneswari V Ramachandran, found herself S$4,400 poorer after falling prey to a sophisticated new kind of malware scam targeting her bank account.
Diana discovered the unauthorized transfer from her POSB Bank account to an unknown UOB account via the PayNow platform at 2.31 am on 7 July, while she was still asleep. The money had been wired out of her account without her knowledge or approval.
Scammers’ operating methods
The scammers utilize a consistent approach, luring victims through social media ads to download Android Package Kit files from third-party stores.
Instead of legitimate apps, victims unknowingly install malware.
The scammers prompt victims to enable accessibility services, compromising device security.
This breach grants full control, allowing scammers to record keystrokes, steal banking credentials, access banking apps, alter settings, and delete bank notifications.
The police and Cyber Security Agency of Singapore (CSA) highlight scammers’ sophisticated methods of exploiting Android’s open platform, appealing due to customization, flexibility, and vulnerability.
Banks are intensifying their security measures
Banks are proactively enhancing security measures to combat evolving scam tactics.
Android phone users with the OCBC digital app recently received a security update, preventing access for those with unofficially downloaded apps.
The Monetary Authority of Singapore (MAS) acknowledged potential inconveniences from heightened security but stressed the importance of maintaining digital banking’s security and trust.
Mrs Ong-Ang Ai Boon, director of the Association of Banks in Singapore, warned that failure to take precautions could lead to consumers shouldering financial losses caused by malware scams.
ALL CORRUPT EVIL-DOERS ARE BEING WATCHED & RECORDED CLOSELY BY WHITE HATES.
ONE PHONE TO RULE DAMN ALL.
Qphone!
https://t.me/NICK_FLEMlNG_RV_GCR_UPDATE_T0DAY/58131
I was scammed $1400 before. Banks favourite advice to customers is to make a police report and indirectly they will hide behind the police to minimise their responsibility. The Banks are the de facto authority on banking matters such as bank transfers between banks yet their advice is to let the Police investigate. One month after the police report, I received a letter from the Police saying there is no outcome to their investigation and they are closing the case. We often read or hear about the Police cracking a billion dollar money laundering case, and expressed “wow”. But to… Read more »
Singapore is great for me…Safe, clean, well equipped. I stay away from most people…just Hello and Bye. With Internet, I roam the world but stay away from financial transactions. I can read the news, engaged in Internet blogs, etc. Never lonely. Just stay away from other humans unless you need them (for food, medicine, etc). All scams are by humans. Trust no one…yes..trust no one by God and your immediate loved ones.
I survive comfortably without a handphone since the pager era that is some 40 years ago.
I don’t need or own a handphone even if forced to by the establishments.
I transact all my banking and other daily needs the old fashion school ways.
My life is still very comfortable without a handphone and I sleep well too !
On top of that I saved substantially on expenses in devices and subscription plans throughout the years.
Best of all I can call GOD on the telephone for free anytime anywhere.
He never fails to pick up and listen.
Recall the show Independence Day. To fight against the aliens without using the earth’s computer system, humans used morse code to communicate. This was to avoid detection by the aliens. For the banking system and fight these scammers and fraudsters, I suggest the following: 1) set a daily limit to withdrawal as is presently done. However, this is a PERMANENT lock-in and cannot be changed once we have set the amount. 2) however, if we want to change the daily limit, we have to physically go down to a bank branch to reset the amount. This is the parallel morse… Read more »
this is stupig. no it’s insult to pigs. once the app/hack take control of the phone why would they restrict themselves?!?! if the phone didnt have the banking app in the first place, there will not be a security concern! fucking idiots.
i guess the malware app stole her google login to factory reset her phone remotely via “Find your device” app from google, to prevent tracing or any bank warnings of high amt of withdrawals.
google overlord should really remove this shit “feature”. if people wanna find device, just let them find device, don’t allow hackers to take control of multiple devices!
The biggest blind spot for most of us…we rely on our cellphone and laptop for everything. We combine all our savings in one account. We must segregate long term reserves from short term operating account. Have a separate Ultra Safe bank account in a separate bank. Have a separate cellphone that you use ONLY for funds transfer to your operating account. Nothing else…no phone calls except to your family members. No sms, whatsapp, downloading of QR code. Keep that cellphone isolated…unlikely any hacker can gain access. Your regular cellphone and laptop can surf the Internet. Even to operate your normal… Read more »
MAS is promoting digital banking without studying all the weak points of the service. Traditional banking services must remain, digital banking should not replace but be an additional banking service . It looks like MAS is abetting the theives when the population is not ready to go completely digital. I still think cash is king and will move my funds out of Singapore if the banks insist on only digital banking. So Ravi Menon should not be forcing a service that can bring about loss to the resident population. CPF funds also can be stolen so why keep pushing for… Read more »
Why blame the bank?
Your phone number, IMEI, all identified, and verified that its you..
What do you expect the bank to do.. ??
Call you every time you perform a transaction??
If the bank does not approve the transaction, you complain.
Then just use cash… forget about “deals”.
So many misses Nokia