At least 27 victims have fallen to mooncake scams perpetrated on social media platforms and involving a malicious Android mobile application.
Total losses in August have amounted to at least S$325,000 (US$238,740), said the police on Tuesday (Sep 5).
Victims would come across advertisements for the sale of mooncakes on Facebook and Instagram in this new scam variant.
They would then be contacted by scammers on WhatsApp and directed to malicious links to make payments.
“These malicious links will lead victims to download an Android Package Kit (APK) file,” said the police.
These files, created for the Android operating system, contain malware. The police added that in some cases, victims were first instructed to make PayNow or bank transfers for the payment of mooncakes. They would then be told that their orders had to be cancelled due to “production or manpower issues”.
To obtain a refund, the victims would be told to download and install an APK file, granting scammers access to their devices remotely to steal passwords and retrieve banking credentials.
“Subsequently, victims discovered unauthorised transactions from their banking accounts,” said the police.
The police said in March at least 168 people were cheated of at least S$20,000 while trying to buy seasonal food items online such as black gold musang king durian, cherries and wagyu beef.
After checking that the Wi-Fi is switched off, run an anti-virus scan. Victims should also check their bank account, Singpass and CPF for any unauthorised transactions using other devices.
“If there are unauthorised transactions, report to the bank, relevant authorities, and lodge a police report.”
CNA
