Social media mooncake scams in Singapore drain S$325,000 from 27 victims in a month

SINGAPORE: Scams involving mooncake sales on social media platforms have victimized at least 27 individuals, with scammers employing a malicious Android mobile app in their tactics.

As of 5 September, the Singapore Police Force (SPF) has reported total losses of at least S$325,000 (equivalent to US$238,740) for the month of August.

In this new variation of scams, victims encountered advertisements on Facebook and Instagram promoting the sale of mooncakes.

Upon reaching out to the supposed “sellers” through social messaging platforms to place their orders for the advertised mooncakes, victims were redirected to WhatsApp for payment.

However, these links led victims to download an Android Package Kit (APK) file, which is an application designed for Android’s operating system and contained malicious software.

In certain instances, victims were instructed to make payments through PayNow or bank transfers to purchase the mooncakes.

The scammers would then claim that the orders needed to be cancelled due to production or staffing issues, and they would guide victims to malicious links for supposed “refunds.”

To obtain these refunds, victims were instructed to download and install an APK file, unwittingly granting scammers remote access to their devices.

This access allowed the scammers to steal passwords and access banking credentials, ultimately resulting in unauthorized transactions from victims’ bank accounts, as reported by the police.

SPF advice regarding e-commerce scams

The police recommended that people take precautions like installing the ScamShield app, turning on extra security for their bank apps, and setting limits on online banking transactions.

“The police would like to remind members of the public of the danger of downloading apps from third-party or dubious sites,” they stated.

Furthermore, law enforcement recommended that individuals ensure their devices are equipped with the latest antivirus and anti-malware software and deactivate the settings that allow the installation of apps from unfamiliar or untrusted sources.

The general public is strongly advised to exclusively obtain and install apps from legitimate app stores, and exercise caution if prompted to download unfamiliar apps for buying products or services on social media platforms.

Individuals who have downloaded and installed an app that raises suspicion or suspect their phone might be compromised by malware should switch their device to “flight mode.”

Subsequently, they should ensure that Wi-Fi is disabled and conduct an antivirus scan.

It is also crucial for potential victims to inspect their bank accounts, Singpass, and CPF records for any unauthorized transactions originating from other devices.

“If there are unauthorized transactions, report to the bank, and relevant authorities, and lodge a police report.”

To access additional details about scams, members of the public can navigate to www.scamalert.sg or contact the anti-scam hotline at 1800-722-6688.