11 PERSONS ARRESTED FOR SUSPECTED INVOLVEMENT IN BANKING-RELATED MALWARE SCAM CASES
A total of eight men and two women, aged between 17 and 57, and a 16-year-old teenager have been arrested for their suspected involvement in the recent spate of banking-related malware scam cases. Another five men and a woman, aged between 21 and 41, are assisting in the investigations, following an island-wide anti-scam enforcement operations conducted between 11 and 22 September 2023.
Over the course of two weeks, officers from Commercial Affairs Department (CAD) and Police Intelligence Department (PID) mounted simultaneous island-wide operations and arrested the 11 persons. Preliminary investigations revealed that seven men and two women, and the teenager, had allegedly facilitated the scam cases by relinquishing their bank accounts, Internet banking credentials and/or disclosing Singpass credentials for monetary gains. A 28-year-old man is believed to have withdrawn money from his bank account and handed the money to an unknown person.
Since January 2023, the Police have received increasing number of reports of malware being used to compromise Android mobile devices, resulting in unauthorised transactions made from the victims’ bank accounts, even when they have not divulged their Internet banking credentials, One-Time-Passwords (OTPs) or Singpass credentials to anyone. In these cases, the victims responded to advertisements (e.g., on cleaning services, pet grooming, food items such as seafood and groceries, etc.) on social media platforms like Facebook. They were then instructed by the scammers to download Android Package Kit (APK) from non-official app stores to facilitate the purchase, which led to malware being installed on their mobile devices. Subsequently, the scammers convinced the victims via phone calls or text messages to turn on accessibility services on their Android phones. This weakened the phones’ security, allowing scammers to take full control of the victims’ phones. As a result, the scammers could log every keystroke, steal banking credentials stored on the phones, remotely log access victims’ banking apps, add money mules as payees, raise payment limits and transfer money to money mules. The scammers can further delete SMSes and email notifications related to these bank transfers to cover their tracks.
Police investigations are ongoing. The offence of acquiring benefits from criminal conduct under Section 54(5)(a) of the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act 1992, carries an imprisonment of up to 10 years, a fine of up to $500,000, or both. For deceiving the banks into opening bank accounts that were not meant for their own use and relinquishing their bank account login details, they are liable under Section 417 read with Section 109 of the Penal Code 1871 and Section 3(1) of the Computer Misuse Act 1993 respectively. The offence of cheating under Section 417 of the Penal Code 1871 carries an imprisonment term of up to three years, or with a fine, or both, while the offence under Section 3(1) of the Computer Misuse Act 1993 carries a fine of up to $5,000, or an imprisonment term of up to two years, or both. For disclosing their Singpass credentials under Section 8 of the Computer Misuse Act 1993, they are liable to an imprisonment term not exceeding three years, a fine of up to $10,000, or both.
Advisory Against Downloading of Malicious Apps
The Police would like to remind members of the public that they should not click on suspicious links, scan unknown QR codes, or download mobile apps from third-party websites or unknown sources. These unverified apps may contain malware, which can severely compromise the security of mobile devices. Instead, members of the public are reminded to only download apps from official app stores. Before downloading any app, check the number of downloads and user reviews. Always be wary of any requests for Singpass and banking credentials or money transfers and attractive offers that sound too good to be true. Lastly, members of the public are advised to turn on security settings, such as disallowing installation of apps from unknown sources, to help protect their devices.
The Police will spare no effort to track down cybercriminals responsible for banking-related malware incidents and will continue to take tough enforcement actions against those who flout the law. To avoid being an accomplice in these crimes, members of the public should always reject seemingly attractive money-making opportunities promising fast and easy pay-outs for the use of their Singpass accounts, bank accounts, or for allowing their personal bank accounts to be used to receive and transfer money for others. The Police would like to remind members of the public that individuals will be held accountable if they are found to be linked to such crimes.
For more information on scams, members of the public can visit www.scamalert.sg or call the Anti-Scam Helpline at 1800-722-6688. Anyone with information on such scams may call the Police Hotline at 1800-255-0000 or submit information online at www.police.gov.sg/iwitness. All information will be kept strictly confidential.
PUBLIC AFFAIRS DEPARTMENT
SINGAPORE POLICE FORCE
23 September 2023 @ 2:25 PM
Four teens among 11 suspects nabbed in two-week islandwide anti-scam operations
UPDATED 2023年9月23日 下午5:39 SGT
SINGAPORE – Four teenagers were among 11 people arrested for their alleged involvement in a spate of banking-related malware scams, the police said on Saturday.
The teenagers, three male and one female, are aged between 16 and 19. The other seven suspects, six men and one woman, are aged between 20 and 57.
They were nabbed following islandwide anti-scam operations by the Commercial Affairs Department and Police Intelligence Department from Sept 11 to 22.
Another five men and a woman, aged between 21 and 41, are assisting with investigations.
The police said that the 10 people, including the four teenagers, had allegedly facilitated the scam cases by relinquishing their bank accounts, Internet banking credentials and Singpass credentials for monetary gains.
One of the suspects, a 28-year-old, is believed to have withdrawn money from his bank account and handed the money to an unknown person, the police added.
Since January, the police has received an increasing number of reports of unauthorised bank transactions made after victim’s mobile devices were compromised by malware. This was even when the victims did not share their Internet banking credentials, One-Time Passwords or OTPs, or Singpass credentials to anyone.
From January to June, 22,339 scam cases were reported, a 64.5 per cent increase from the 13,576 cases during the same period last year.
However, the total amount victims lost in the first half of this year dipped slightly to $334.5 million, from $342.1 million during the same period last year.
The victims responded to advertisements on social media platforms like Facebook, and were duped into downloading an Android Package Kit from unofficial app stores, which led to malware being installed on their mobile devices.
Subsequently, the scammers convinced the victims via phone calls or text messages to turn on accessibility services on their Android phones, which weakened the phones’ security and allowed scammers to take full control of the victim’s phones.
Scammers could then take note of every keystroke, steal banking credentials stored on the phones, remotely log in and access victims’ banking apps, add money mules as payees, raise payment limits and transfer money to money mules.
The scammers could also delete SMSes and email notifications related to these bank transfers to cover their tracks.
Earlier this month, a woman who wanted to buy mooncakes online lost $76,000 after scammers took control of her phone through a third-party app and siphoned the money from her bank account.
Similarly, in August, a woman who placed an online order for grouper fillets lost over $44,000 after scammers took control of her Android phone and banking details remotely.
The police has advised the public against downloading apps from third-party websites or unknown sources, scan unknown QR codes, or clicking on suspicious links, as these could contain malware. They also advise the public to download apps only from official app stores and to be wary of requests for Singpass and banking credentials or money transfers.
The public can also turn on security settings that disallow the installation of apps from unknown sources.
People should reject attractive money-making opportunities that involve the use of their Singpass accounts or bank accounts for illegal activities, they added.
For more information on scams, the public can visit www.scamalert.sg or call the anti-scam helpline on 1800-722-6688.
Anyone with information on such scams may call the police hotline on 1800-255-0000, or submit information online at www.police.gov.sg/iwitness.
发表回复